Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking
暂无分享,去创建一个
[1] James C. Corbett,et al. Bandera: extracting finite-state models from Java source code , 2000, ICSE.
[2] Benjamin Livshits,et al. Reflection Analysis for Java , 2005, APLAS.
[3] Christian Bauer,et al. Hibernate in action , 2005 .
[4] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[5] Gerard J. Holzmann,et al. The Model Checker SPIN , 1997, IEEE Trans. Software Eng..
[6] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.
[7] James Holmes,et al. Struts: The Complete Reference (Osborne Complete Reference Series) , 2004 .
[8] Klaus Havelund,et al. Model Checking Programs , 2004, Automated Software Engineering.
[9] Benjamin Livshits,et al. Context-sensitive program analysis as database queries , 2005, PODS.
[10] D. T. Lee,et al. Verifying Web applications using bounded model checking , 2004, International Conference on Dependable Systems and Networks, 2004.
[11] Roy T. Fielding,et al. Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.
[12] Benjamin Livshits,et al. Finding application errors and security flaws using PQL: a program query language , 2005, OOPSLA '05.
[13] Sarfraz Khurshid,et al. Test input generation with java PathFinder , 2004, ISSTA '04.
[14] Koushik Sen,et al. DART: directed automated random testing , 2005, PLDI '05.
[15] Herbert Schildt,et al. Struts : the complete reference , 2004 .
[16] Sarfraz Khurshid,et al. Korat: automated testing based on Java predicates , 2002, ISSTA '02.
[17] Zhendong Su,et al. The essence of command injection attacks in web applications , 2006, POPL '06.
[18] Michael Hicks,et al. Defeating script injection attacks with browser-enforced embedded policies , 2007, WWW '07.
[19] David Hovemeyer,et al. Finding bugs is easy , 2004, SIGP.
[20] Dawson R. Engler,et al. A system and language for building system-specific, static analyses , 2002, PLDI '02.
[21] Junfeng Yang,et al. Automatically generating malicious disks using symbolic execution , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[22] Edith Schonberg,et al. SABER: smart analysis based error reduction , 2004, ISSTA '04.
[23] Dawson R. Engler,et al. Proceedings of the 5th Symposium on Operating Systems Design and Implementation Cmc: a Pragmatic Approach to Model Checking Real Code , 2022 .
[24] Zhendong Su,et al. Sound and precise analysis of web applications for injection vulnerabilities , 2007, PLDI '07.
[25] Monica S. Lam,et al. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.
[26] Michael Benedikt,et al. VeriWeb: Automatically Testing Dynamic Web Sites , 2002 .
[27] Gary McGraw,et al. Exploiting Software: How to Break Code , 2004 .
[28] Dawson R. Engler,et al. EXE: automatically generating inputs of death , 2006, CCS '06.
[29] Jack Dongarra,et al. MPI: The Complete Reference , 1996 .
[30] Junfeng Yang,et al. Using model checking to find serious file system errors , 2004, TOCS.