Toward Automated Detection of Logic Vulnerabilities in Web Applications
Christopher Krügel | Giovanni Vigna | Viktoria Felmetsger | Ludovico Cavedon
[1] Alessandro Orso, et al. AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks, 2005, ASE.
[2] Amit Klein, et al. Cross Site Scripting Explained, 2002.
[3] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[4] hackerxwar. 编写搜索型Blind SQL Injection工具, 2009.
[5] Shriram Krishnamurthi, et al. Using static analysis for Ajax intrusion detection, 2009, WWW '09.
[6] Stephen McCamant, et al. The Daikon system for dynamic detection of likely invariants, 2007, Sci. Comput. Program.
[7] Giovanni Vigna, et al. Multi-module vulnerability analysis of web-based applications, 2007, CCS '07.
[8] L. V. Satyanarayana, et al. STATIC ANALYSIS TOOL FOR DETECTING WEB APPLICATION VULNERABILITIES, 2011.
[9] Arati Baliga, et al. Automatic Inference and Enforcement of Kernel Data Structure Invariants, 2008, 2008 Annual Computer Security Applications Conference (ACSAC).
[10] Giovanni Vigna, et al. Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, 2007, RAID.
[11] Dawson R. Engler, et al. Bugs as deviant behavior: a general approach to inferring errors in systems code, 2001, SOSP.
[12] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[13] Yannis Smaragdakis, et al. DSD-Crasher: A hybrid analysis tool for bug finding, 2006, TSEM.
[14] Mattia Monga, et al. On Race Vulnerabilities in Web Applications, 2008, DIMVA.
[15] Chris Anley, et al. Advanced SQL Injection In SQL Server Applications, 2002.
[16] Benjamin Livshits, et al. Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005, USENIX Security Symposium.
[17] James R. Larus, et al. Mining specifications, 2002, POPL '02.
[18] Corina S. Pasareanu, et al. JPF-SE: A Symbolic Execution Extension to Java PathFinder, 2007, TACAS.
[19] Tadeusz Pietraszek, et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation, 2005, RAID.
[20] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.
[21] Dawson R. Engler, et al. From uncertainty to belief: inferring the specification within, 2006, OSDI '06.
[22] Xiao Ma, et al. AutoISES: Automatically Inferring Security Specification and Detecting Violations, 2008, USENIX Security Symposium.
[23] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[24] Klaus Havelund, et al. Model Checking Programs, 2004, Automated Software Engineering.
[25] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[26] Vitaly Shmatikov, et al. Efficient, Context-Sensitive Detection of Semantic Attacks, 2009.
[27] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[28] Tao Xie, et al. DSD-Crasher: A hybrid analysis tool for bug finding, 2008.
[29] Michael D. Ernst, et al. Static verification of dynamically detected program invariants: Integrating Daikon and ESC/Java, 2001, RV@CAV.