An Empirical Analysis of XSS Sanitization in Web Application Frameworks
[1] David Brumley, et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask), 2010, 2010 IEEE Symposium on Security and Privacy.
[2] Benjamin Livshits, et al. SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities, 2006.
[3] Wei Xu, et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, 2006, USENIX Security Symposium.
[4] Zhendong Su, et al. Sound and precise analysis of web applications for injection vulnerabilities, 2007, PLDI '07.
[5] Benjamin Livshits, et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, 2010, 2010 IEEE Symposium on Security and Privacy.
[6] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[7] Benjamin Livshits, et al. SCRIPTGARD: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization, 2010.
[8] Giovanni Vigna, et al. Static Enforcement of Web Application Integrity Through Strong Typing, 2009, USENIX Security Symposium.
[9] Collin Jackson, et al. Protecting browsers from cross-origin CSS attacks, 2010, CCS '10.
[10] Shriram Krishnamurthi, et al. Using static analysis for Ajax intrusion detection, 2009, WWW '09.
[11] Xin Zheng, et al. Secure web applications via automatic partitioning, 2007, SOSP.
[12] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[13] Ankur Taly, et al. Object Capabilities and Isolation of Untrusted Web Applications, 2010, 2010 IEEE Symposium on Security and Privacy.
[14] Benjamin Livshits, et al. Merlin: specification inference for explicit information flow problems, 2009, PLDI '09.
[15] Dawn Xiaodong Song, et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[16] Adam Barth, et al. Protecting Browsers from Extension Vulnerabilities, 2010, NDSS.
[17] R. Sekar. An Efficient Black-box Technique for Defeating Web Application Attacks, 2009, NDSS.
[18] David A. Wagner, et al. Efficient character-level taint tracking for Java, 2009, SWS '09.
[19] Westley Weimer, et al. A decision procedure for subset constraints over regular languages, 2009, PLDI '09.
[20] V. N. Venkatakrishnan, et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks, 2008, DIMVA.
[21] Monica S. Lam, et al. InvisiType: Object-Oriented Security Policies, 2010, NDSS.
[22] Steve Hanna, et al. A Symbolic Execution Framework for JavaScript, 2010, 2010 IEEE Symposium on Security and Privacy.
[23] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.
[24] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[25] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[26] Dawn Xiaodong Song, et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense, 2009, NDSS.
[27] Michael D. Ernst, et al. HAMPI: a solver for string constraints, 2009, ISSTA.
[28] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[29] V. N. Venkatakrishnan, et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[30] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[31] Steve Hanna, et al. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications, 2010, NDSS.
[32] Collin Jackson, et al. Regular expressions considered harmful in client-side XSS filters, 2010, WWW '10.
[33] Michael Hicks, et al. Fable: A Language for Enforcing User-defined Security Policies, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[34] Helen J. Wang, et al. Protection and communication abstractions for web browsers in MashupOS, 2007, SOSP.
[35] Adam Barth, et al. Preventing Capability Leaks in Secure JavaScript Subsets, 2010, NDSS.
[36] Marianne Winslett, et al. VEX: Vetting Browser Extensions for Security Vulnerabilities, 2010, USENIX Security Symposium.