FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
[1] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.
[2] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[3] R. Sekar. An Efficient Black-box Technique for Defeating Web Application Attacks, 2009, NDSS.
[4] Martin Paul Eve, et al. XSS Cheat Sheet, 2007.
[5] John C. Mitchell, et al. Characterizing Bots' Remote Control Behavior, 2007, DIMVA.
[6] Westley Weimer, et al. A decision procedure for subset constraints over regular languages, 2009, PLDI '09.
[7] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[8] Helen J. Wang, et al. Protection and communication abstractions for web browsers in MashupOS, 2007, SOSP.
[9] Ajay Chander, et al. JavaScript instrumentation for browser security, 2007, POPL '07.
[10] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[11] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[12] V. N. Venkatakrishnan, et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks, 2008, DIMVA.
[13] Sorin Lerner, et al. Staged information flow for javascript, 2009, PLDI '09.
[14] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.
[15] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[16] Dawson R. Engler, et al. EXE: Automatically Generating Inputs of Death, 2008, TSEC.
[17] Wei Xu, et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, 2006, USENIX Security Symposium.
[18] Collin Jackson, et al. Robust defenses for cross-site request forgery, 2008, CCS.
[19] Dawson R. Engler, et al. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, 2008, OSDI.
[20] V. N. Venkatakrishnan, et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[21] Yi-Min Wang, et al. An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism, 2007, CCS '07.
[22] Christopher Krügel, et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, 2007, NDSS.
[23] Dawn Xiaodong Song, et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense, 2009, NDSS.
[24] Collin Jackson, et al. Securing frame communication in browsers, 2008, CACM.
[25] Hao Chen, et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks, 2009, NDSS.
[26] Benjamin Livshits, et al. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code, 2009, USENIX Security Symposium.
[27] Dawn Xiaodong Song, et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[28] Sanjit A. Seshia, et al. On the Computational Complexity of Satisfiability Solving for String Theories, 2009, ArXiv.
[29] Michael D. Ernst, et al. HAMPI: a solver for string constraints, 2009, ISSTA.
[30] Tzi-cker Chiueh, et al. Dynamic multi-process information flow tracking for web application security, 2007, MC '07.
[31] Angelos D. Keromytis, et al. SQLrand: Preventing SQL Injection Attacks, 2004, ACNS.
[32] Nikolaj Bjørner, et al. Path Feasibility Analysis for String-Manipulating Programs, 2009, TACAS.
[33] Hiroshi Inamura, et al. Dynamic test input generation for web applications, 2008, ISSTA '08.
[34] James Newsome, et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, 2005, NDSS.
[35] Koushik Sen, et al. DART: directed automated random testing, 2005, PLDI '05.
[36] Martin C. Rinard, et al. Taint-based directed whitebox fuzzing, 2009, 2009 IEEE 31st International Conference on Software Engineering.