Current state of research on cross-site scripting (XSS) - A systematic literature review
Novia Admodisastro | Hazura Zulzalil | Abu Bakar Md Sultan | Isatou Hydara
[1] Laurence Duchien,et al. AProSec: an Aspect for Programming Secure Web Applications , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).
[2] Junho Choi,et al. Efficient Malicious Code Detection Using N-Gram Analysis and SVM , 2011, 2011 14th International Conference on Network-Based Information Systems.
[3] José María Sierra,et al. LAPSE+ Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications , 2011 .
[4] Mohammad Zulkernine,et al. DESERVE: A Framework for Detecting Program Security Vulnerability Exploitations , 2012, 2012 IEEE Sixth International Conference on Software Security and Reliability.
[5] V. N. Venkatakrishnan,et al. WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications (Invited Paper) , 2010, ICISS.
[6] Lance Fortnow,et al. Viewpoint: Time for computer science to grow up , 2009, Commun. ACM.
[7] Marco Vieira,et al. Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks , 2007 .
[8] Angelina Geetha,et al. Intrusion Protection against SQL Injection and Cross Site Scripting Attacks Using a Reverse Proxy , 2012, SNDS.
[9] S. Selvakumar,et al. BIXSAN: browser independent XSS sanitizer for prevention of XSS attacks , 2011, SOEN.
[10] Eduardo Feitosa,et al. Automatic classification of cross-site scripting in web pages using document-based and URL-based features , 2012, 2012 IEEE Symposium on Computers and Communications (ISCC).
[11] Luigi Coppolino,et al. From Intrusion Detection to Intrusion Detection and Diagnosis: An Ontology-Based Approach , 2009, SEUS.
[12] Phyllis G. Frankl,et al. Preventing Web Application Injections with Complementary Character Coding , 2011, ESORICS.
[13] Divya Bansal,et al. Optimized client side solution for cross site scripting , 2008, 2008 16th IEEE International Conference on Networks.
[14] Jianhua Sun,et al. An execution-flow based method for detecting Cross-site Scripting attacks , 2010, The 2nd International Conference on Software Engineering and Data Mining.
[15] Dawn Xiaodong Song,et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[16] K. Sivakumar,et al. Constructing a "Common Cross Site Scripting Vulnerabilities Enumeration (CXE)" Using CWE and CVE , 2007, ICISS.
[17] Onur Aciiçmez,et al. Alhambra: a system for creating, enforcing, and testing browser security policies , 2010, WWW '10.
[18] Marco Vieira,et al. Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks , 2007, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007).
[19] Zhoujun Li,et al. Program Slicing Stored XSS Bugs in Web Application , 2011, 2011 Fifth International Conference on Theoretical Aspects of Software Engineering.
[20] R. Sekar,et al. Protection, usability and improvements in reflected XSS filters , 2012, ASIACCS '12.
[21] Incheon Paik,et al. Classification of malicious web code by machine learning , 2011, 2011 3rd International Conference on Awareness Science and Technology (iCAST).
[22] Dake He,et al. Model Checking for the Defense against Cross-Site Scripting Attacks , 2012, 2012 International Conference on Computer Science and Service System.
[23] Zhou Li,et al. FIRM: capability-based inline mediation of Flash behaviors , 2010, ACSAC '10.
[24] Mohammad Zulkernine,et al. MUTEC: Mutation-based testing of Cross Site Scripting , 2009, 2009 ICSE Workshop on Software Engineering for Secure Systems.
[25] Levente Buttyán,et al. XCS based hidden firmware modification on embedded devices , 2011, SoftCOM 2011, 19th International Conference on Software, Telecommunications and Computer Networks.
[26] Tzi-cker Chiueh,et al. Dynamic multi-process information flow tracking for web application security , 2007, MC '07.
[27] Eyas El-Qawasmeh,et al. Discovering security vulnerabilities and leaks in ASP.NET websites , 2012, 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).
[28] M. Ponnavaikko,et al. Risk mitigation for cross site scripting attacks using signature based model on the server side , 2007 .
[29] Collin Jackson,et al. Regular expressions considered harmful in client-side XSS filters , 2010, WWW '10.
[30] Christopher Krügel,et al. Leveraging User Interactions for In-Depth Testing of Web Applications , 2008, RAID.
[31] James Purtilo,et al. A Testbed for the Evaluation of Web Intrusion Prevention Systems , 2011, 2011 Third International Workshop on Security Measurements and Metrics.
[32] Christopher Krügel,et al. Client-side cross-site scripting protection , 2009, Comput. Secur..
[33] Zhi-jian Wang,et al. Notice of Retraction: A Static Analysis Tool for Detecting Web Application Injection Vulnerabilities for ASP Program , 2010, 2010 2nd International Conference on E-business and Information System Security.
[34] Mohammad Zulkernine,et al. S2XS2: A Server Side Approach to Automatically Detect XSS Attacks , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.
[35] Christopher Krügel,et al. Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[36] Pearl Brereton,et al. Performing systematic literature reviews in software engineering , 2006, ICSE.
[37] Thorsten Holz,et al. Crouching tiger - hidden payload: security risks of scalable vectors graphics , 2011, CCS '11.
[38] C. M. Frenz,et al. XSSmon: A Perl based IDS for the detection of potential XSS attacks , 2012, 2012 IEEE Long Island Systems, Applications and Technology Conference (LISAT).
[39] Wouter Joosen,et al. FlashOver: automated discovery of cross-site scripting vulnerabilities in rich internet applications , 2012, ASIACCS '12.
[40] Martin Hofmann,et al. Type-Based Enforcement of Secure Programming Guidelines - Code Injection Prevention at SAP , 2011, Formal Aspects in Security and Trust.
[41] V. N. Venkatakrishnan,et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks , 2008, DIMVA.
[42] M. Ponnavaikko,et al. A solution to block Cross Site Scripting Vulnerabilities based on Service Oriented Architecture , 2007, 6th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2007).
[43] Sanjay Rawat,et al. XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing , 2012, 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation.
[44] Marc-André Laverdière,et al. Assisting Programmers Resolving Vulnerabilities in Java Web Applications , 2011 .
[45] Carla Merkle Westphall,et al. Proposal and development of the Web services input validation model , 2012, 2012 IEEE Network Operations and Management Symposium.
[46] Dawn Xiaodong Song,et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks , 2011, ESORICS.
[47] Nicolas Juillerat,et al. Enforcing code security in database web applications using libraries and object models , 2007, LCSD '07.
[48] Dan Boneh,et al. XCS: cross channel scripting and its impact on web applications , 2009, CCS.
[49] Mariano Ceccato,et al. Grammar based oracle for security testing of web applications , 2012, 2012 7th International Workshop on Automation of Software Test (AST).
[50] Úlfar Erlingsson,et al. Using web application construction frameworks to protect against code injection attacks , 2007, PLAS '07.
[51] V. N. Venkatakrishnan,et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[52] Fang Yu,et al. Stranger: An Automata-Based String Analysis Tool for PHP , 2010, TACAS.
[53] Pratheep Bunyatnoparat,et al. Protecting cookies from Cross Site Script attacks using Dynamic Cookies Rewriting technique , 2011, 13th International Conference on Advanced Communication Technology (ICACT2011).
[54] Masaru Takesue. A Protection Scheme against the Attacks Deployed by Hiding the Violation of the Same Origin Policy , 2008, 2008 Second International Conference on Emerging Security Information, Systems and Technologies.
[55] Fang Yu,et al. String Abstractions for String Verification , 2011, SPIN.
[56] Kaloian Petkov. Overcoming programming flaws: indexing of common software vulnerabilities , 2005, InfoSecCD '05.
[57] Mariano Ceccato,et al. Security Testing of Web Applications: A Search-Based Approach for Cross-Site Scripting Vulnerabilities , 2011, 2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation.
[58] Michael D. Ernst,et al. Automatic creation of SQL Injection and cross-site scripting attacks , 2009, 2009 IEEE 31st International Conference on Software Engineering.
[59] Dwen-Ren Tsai,et al. Optimum tuning of defense settings for common attacks on the web applications , 2009, 43rd Annual 2009 International Carnahan Conference on Security Technology.
[60] Tao Xie,et al. Perturbation-based user-input-validation testing of web applications , 2010, J. Syst. Softw..
[61] Lwin Khin Shar,et al. Automated removal of cross site scripting vulnerabilities in web applications , 2012, Inf. Softw. Technol..
[62] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.
[63] Amir Herzberg,et al. Off-Path Attacking the Web , 2012, WOOT.
[64] Joachim Posegga,et al. XSSDS: Server-Side Detection of Cross-Site Scripting Attacks , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).
[65] Massimo Franceschet,et al. The role of conference publications in CS , 2010, Commun. ACM.
[66] Anna Cinzia Squicciarini,et al. XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks , 2012, DBSec.
[67] Mohammad Zulkernine,et al. Trustworthiness testing of phishing websites: A behavior model-based approach , 2012, Future Gener. Comput. Syst..
[68] Giovanni Agosta,et al. Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution , 2012, 2012 Ninth International Conference on Information Technology - New Generations.
[69] Christopher Krügel,et al. Precise alias analysis for static detection of web application vulnerabilities , 2006, PLAS '06.
[70] Joachim Posegga,et al. Secure Code Generation for Web Applications , 2010, ESSoS.
[71] Jeremiah Grossman,et al. XSS Attacks: Cross Site Scripting Exploits and Defense , 2007 .
[72] Hiroshi Doi,et al. An Implementation of the Binding Mechanism in the Web Browser for Preventing XSS Attacks: Introducing the Bind-Value Headers , 2009, 2009 International Conference on Availability, Reliability and Security.
[73] Giuseppe A. Di Lucca,et al. Identifying cross site scripting vulnerabilities in Web applications , 2004, Proceedings. Sixth IEEE International Workshop on Web Site Evolution.
[74] R. Priyadarshini,et al. A cross platform intrusion detection system using inter server communication technique , 2011, 2011 International Conference on Recent Trends in Information Technology (ICRTIT).
[75] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[76] Joaquín García Alfaro,et al. Prevention of Cross-Site Scripting Attacks on Current Web Applications , 2007 .
[77] Martin Johns. SessionSafe: Implementing XSS Immune Session Handling , 2006, ESORICS.
[78] Dawn Xiaodong Song,et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.
[79] Zhendong Su,et al. Static detection of cross-site scripting vulnerabilities , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.
[80] Lwin Khin Shar,et al. Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities , 2012, 2012 34th International Conference on Software Engineering (ICSE).
[81] Xiang Chen,et al. D-WAV: A Web Application Vulnerabilities Detection Tool Using Characteristics of Web Forms , 2010, 2010 Fifth International Conference on Software Engineering Advances.
[82] Zhendong Su,et al. Client-Side Detection of XSS Worms by Monitoring Payload Propagation , 2009, ESORICS.
[83] Mohammad Zulkernine,et al. Injecting Comments to Detect JavaScript Code Injection Attacks , 2011, 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops.
[84] Jörg Schwenk,et al. All your clouds are belong to us: security analysis of cloud management interfaces , 2011, CCSW '11.
[85] Hao Chen,et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks , 2009, NDSS.
[86] Youki Kadobayashi,et al. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.
[87] Lwin Khin Shar,et al. Auditing the defense against cross site scripting in web applications , 2010, 2010 International Conference on Security and Cryptography (SECRYPT).
[88] David Sands,et al. Lightweight self-protecting JavaScript , 2009, ASIACCS '09.
[89] Liam Peyton,et al. Model-Based Penetration Test Framework for Web Applications Using TTCN-3 , 2009, MCETECH.
[90] Elena Castro,et al. A multi-agent scanner to detect stored-XSS vulnerabilities , 2010, 2010 International Conference for Internet Technology and Secured Transactions.
[91] Hao Chen,et al. Noncespaces: Using randomization to defeat cross-site scripting attacks , 2012, Comput. Secur..
[92] Mariano Ceccato,et al. Towards security testing with taint analysis and genetic algorithms , 2010, SESS '10.
[93] Evangelos P. Markatos,et al. Hunting Cross-Site Scripting Attacks in the Network , 2010 .
[94] Avik Chaudhuri,et al. Symbolic security analysis of ruby-on-rails web applications , 2010, CCS '10.
[95] Erwin Adi. A design of a proxy inspired from human immune system to detect SQL Injection and Cross-Site Scripting , 2012 .
[96] Lwin Khin Shar,et al. Predicting common web application vulnerabilities from input validation and sanitization code patterns , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.
[97] Lwin Khin Shar,et al. Auditing the XSS defence features implemented in web application programs , 2012, IET Softw..
[98] Vinod Yegneswaran,et al. Poster: a path-cutting approach to blocking XSS worms in social web networks , 2011, CCS '11.
[99] M. Ponnavaikko,et al. XSS Application Worms: New Internet Infestation and Optimized Protective Measures , 2007, Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007).
[100] Joseph Y. Halpern,et al. Journals for certification, conferences for rapid dissemination , 2011, CACM.
[101] Benjamin Livshits,et al. SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications , 2011, CCS '11.
[102] Benjamin Livshits,et al. Fast and Precise Sanitizer Analysis with BEK , 2011, USENIX Security Symposium.
[103] Didier Colle,et al. 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) , 2015 .
[104] Christopher Krügel,et al. Noxes: a client-side solution for mitigating cross-site scripting attacks , 2006, SAC '06.
[105] M. Ponnavaikko,et al. Behavior-Based Anomaly Detection on the Server Side to Reduce the Effectiveness of Cross Site Scripting Vulnerabilities , 2007, Third International Conference on Semantics, Knowledge and Grid (SKG 2007).
[106] Christopher Krügel,et al. SWAP: Mitigating XSS attacks using a reverse proxy , 2009, 2009 ICSE Workshop on Software Engineering for Secure Systems.
[107] Yasuhiko Minamide,et al. Static approximation of dynamically generated Web pages , 2005, WWW '05.
[108] Pankaj Sharma,et al. Integrated approach to prevent SQL injection attack and reflected cross site scripting attack , 2012, Int. J. Syst. Assur. Eng. Manag..
[109] D. Arulsuju. Hunting malicious attacks in social networks , 2011, 2011 Third International Conference on Advanced Computing.
[110] M. Ponnavaikko,et al. Risk mitigation for cross site scripting attacks using signature based model on the server side , 2007, Second International Multi-Symposiums on Computer and Computational Sciences (IMSCCS 2007).
[111] Christopher Krügel,et al. SecuBat: a web vulnerability scanner , 2006, WWW '06.
[112] Ali Selamat,et al. Information and Software Technology , 2014 .
[113] Hossein Saidi,et al. Social Networks' XSS Worms , 2009, 2009 International Conference on Computational Science and Engineering.
[114] Pearl Brereton,et al. Protocol for a Tertiary study of Systematic Literature Reviews and Evidence-based Guidelines in IT and Software Engineering , 2009 .
[115] Keqin Li,et al. Towards Security Vulnerability Detection by Source Code Model Checking , 2010, 2010 Third International Conference on Software Testing, Verification, and Validation Workshops.
[116] Xu Jing,et al. MBDS: Model-based detection system for Cross Site Scripting , 2007 .
[117] Zhenfu Cao,et al. L-WMxD: Lexical based Webmail XSS Discoverer , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
[118] Florian Kerschbaum,et al. Simple cross-site attack prevention , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.
[119] Monica S. Lam,et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking , 2008, USENIX Security Symposium.
[120] Jan-Min Chen,et al. An automated vulnerability scanner for injection attack based on injection point , 2010, 2010 International Computer Symposium (ICS2010).
[121] Shiuh-Jeng Wang,et al. Investigations in Cross-site Script on Web-systems Gathering Digital Evidence against Cyber-Intrusions , 2007, Future Generation Communication and Networking (FGCN 2007).
[122] Benedict G. E. Wiedemann. Protection? , 1998, Science.
[123] Wouter Joosen,et al. SessionShield: Lightweight Protection against Session Hijacking , 2011, ESSoS.
[124] S. Usha,et al. Prevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side , 2011 .
[125] William K. Robertson,et al. Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis , 2012, 2012 IEEE 36th Annual Computer Software and Applications Conference.