A Protection Mechanism against Malicious HTML and JavaScript Code in Vulnerable Web Applications
[1] V. N. Venkatakrishnan,et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[2] P. Saxena,et al. The Emperor's New APIs: On the (In)Secure Usage of New Client-side Primitives , 2010 .
[3] Tobias Lauinger,et al. Why Is CSP Failing? Trends and Challenges in CSP Adoption , 2014, RAID.
[4] Dawn Xiaodong Song,et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks , 2011, ESORICS.
[5] Martin Johns. Script-templates for the Content Security Policy , 2014, J. Inf. Secur. Appl..
[6] David Flanagan,et al. JavaScript: The Definitive Guide , 1996 .
[7] Engin Kirda,et al. Have things changed now? An empirical study on input validation vulnerabilities in web applications , 2012, Comput. Secur..
[8] Sid Stamm,et al. Reining in the web with content security policy , 2010, WWW '10.
[9] Dawn Xiaodong Song,et al. Towards Client-side HTML Security Policies , 2011, HotSec.
[10] Adam Barth,et al. Preventing Capability Leaks in Secure JavaScript Subsets , 2010, NDSS.
[11] Zhenkai Liang,et al. Towards Fine-Grained Access Control in JavaScript Contexts , 2011, 2011 31st International Conference on Distributed Computing Systems.
[12] Hao Chen,et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks , 2009, NDSS.
[13] Dawn Xiaodong Song,et al. Data-Confined HTML5 Applications , 2013, ESORICS.
[14] Wenliang Du,et al. Contego: Capability-based access control for web browsers (Short paper) , 2011, TRUST 2011.
[15] Wouter Joosen,et al. You are what you include: large-scale evaluation of remote javascript inclusions , 2012, CCS.
[16] Kailas Patil,et al. A Measurement Study of the Content Security Policy on Real-World Applications , 2016, Int. J. Netw. Secur..
[17] Ankur Taly,et al. Isolating JavaScript with Filters, Rewriting, and Wrappers , 2009, ESORICS.
[18] Michael Hicks,et al. Defeating script injection attacks with browser-enforced embedded policies , 2007, WWW '07.
[19] Devdatta Akhawe,et al. Towards High Assurance HTML5 Applications , 2014 .
[20] Ashar Javed. CSP AiDer: An Automated Recommendation of Content Security Policy for Web Applications , 2011 .
[21] Mohammad Zulkernine,et al. Effective detection of vulnerable and malicious browser extensions , 2014, Comput. Secur..
[22] Paul C. van Oorschot,et al. SOMA: mutual approval for included content in web pages , 2008, CCS.
[23] Novia Admodisastro,et al. Current state of research on cross-site scripting (XSS) - A systematic literature review , 2015, Inf. Softw. Technol..
[24] Gianluca Stringhini,et al. The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements , 2014, Internet Measurement Conference.
[25] Joe Gibbs Politz,et al. ADsafety: Type-Based Verification of JavaScript Sandboxing , 2011, USENIX Security Symposium.
[26] Dawn Xiaodong Song,et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.
[27] Haining Wang,et al. Characterizing insecure javascript practices on the web , 2009, WWW '09.
[28] Michael Walfish,et al. Treehouse: Javascript Sandboxes to Help Web Developers Help Themselves , 2012, USENIX Annual Technical Conference.
[29] Brij Bhooshan Gupta,et al. Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art , 2017, Int. J. Syst. Assur. Eng. Manag..
[30] Ping Chen,et al. Security Analysis of the Chinese Web: How well is it protected? , 2014, SafeConfig '14.
[31] Xiaowei Li,et al. A survey on server-side approaches to securing web applications , 2014, ACM Comput. Surv..
[32] Helena Handschuh,et al. Security Analysis of SHA-256 and Sisters , 2003, Selected Areas in Cryptography.
[33] Benjamin Livshits,et al. Fast and Precise Sanitizer Analysis with BEK , 2011, USENIX Security Symposium.