Web Application Security Attacks and Countermeasures

[1] David H. Ackley, et al. Randomized instruction set emulation to disrupt binary code injection attacks, 2003, CCS '03.

[2] Altair Olivo Santin, et al. Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems, 2013, IEEE Security & Privacy.

[3] Michal Choras, et al. Correlation Approach for SQL Injection Attacks Detection, 2012, CISIS/ICEUTE/SOCO Special Sessions.

[4] S. Swamynathan, et al. XIVD: Runtime Detection of XPath Injection Vulnerabilities in XML Databases through Aspect Oriented Programming, 2011.

[5] Nuno Laranjeiro, et al. Protecting Database Centric Web Services against SQL/XPath Injection Attacks, 2009, DEXA.

[6] Muhammad Asif, et al. Evaluation of OpenID-Based Double-Factor Authentication for Preventing Session Hijacking in Web Applications, 2012, J. Comput.

[7] Patrick Traynor, et al. One-time cookies: Preventing session hijacking attacks with stateless authentication tokens, 2012, TOIT.

[8] Biplab Sikdar, et al. Wavelet Based Detection of Session Hijacking Attacks in Wireless Networks, 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[9] Joachim Posegga, et al. Session Fixation - The Forgotten Vulnerability?, 2010, Sicherheit.

[10] Niels Provos, et al. SHELLOS: Enabling Fast Detection and Forensic Analysis of Code Injection Attacks, 2011, USENIX Security Symposium.

[11] Wouter Joosen, et al. SessionShield: Lightweight Protection against Session Hijacking, 2011, ESSoS.

[12] Joachim Posegga, et al. Reliable protection against session fixation attacks, 2011, SAC.

[13] P. O. Asagba, et al. A Proposed Architecture for Defending Against Command Injection Attacks in a Distributed Network Environment, 2011.

[14] Al-Sakib Khan Pathan, et al. A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques, 2011, 2011 IEEE 15th International Symposium on Consumer Electronics (ISCE).

[15] Nuno Laranjeiro, et al. Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services, 2009, 2009 IEEE International Conference on Services Computing.

[16] Peter R. Pietzuch, et al. PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks, 2011, WebApps.

[17] Alessandro Orso, et al. A Classification of SQL Injection Attacks and Countermeasures, 2006, ISSSE.

[18] R. Sekar, et al. A server- and browser-transparent CSRF defense for web 2.0 applications, 2011, ACSAC '11.

[19] Hong-Yi Wang, et al. Grammar Based Testing of HTML Injection Vulnerabilities in RSS Feeds, 2009, 2009 Testing: Academic and Industrial Conference - Practice and Research Techniques.

[20] Kenji Kono, et al. Automated detection of session fixation vulnerabilities, 2010, WWW '10.

[21] Luigi Coppolino, et al. A Weight-Based Symptom Correlation Approach to SQL Injection Attacks, 2009, 2009 Fourth Latin-American Symposium on Dependable Computing.

[22] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[23] Yuqing Zhang, et al. A Client-Based and Server-Enhanced Defense Mechanism for Cross-Site Request Forgery, 2010, RAID.

[24] Laurie Ann Williams, et al. Towards a taxonomy of techniques to detect cross-site scripting and SQL injection vulnerabilities, 2008.

[25] Nils Gruschka, et al. A survey of attacks on web services, 2009, Computer Science - Research and Development.

[26] Mohammad Zulkernine, et al. Client-Side Detection of Cross-Site Request Forgery Attacks, 2010, 2010 IEEE 21st International Symposium on Software Reliability Engineering.

[27] Alessandro Orso, et al. AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks, 2005, ASE.

[28] Jack W. Davidson, et al. Secure and practical defense against code-injection attacks using software dynamic translation, 2006, VEE '06.

[29] Helen J. Wang, et al. Lightweight server support for browser-based CSRF protection, 2013, WWW.

[30] S. Swamynathan, et al. PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications, 2011.

[31] Christopher Krügel, et al. Preventing Cross Site Request Forgery Attacks, 2006, 2006 Securecomm and Workshops.