Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
Christopher Krügel | Giovanni Vigna | Engin Kirda | Davide Balzarotti | Nenad Jovanovic | Marco Cova | Viktoria Felmetsger