A Systematic Analysis of XSS Sanitization in Web Application Frameworks
Dawn Xiaodong Song | Prateek Saxena | Joel Weinberger | Devdatta Akhawe | Eui Chul Richard Shin | Matthew Finifter
[1] Benjamin Livshits, et al. Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005, USENIX Security Symposium.
[2] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[3] V. N. Venkatakrishnan, et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[4] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[5] Collin Jackson, et al. Regular expressions considered harmful in client-side XSS filters, 2010, WWW '10.
[6] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[7] David Brumley, et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask), 2010, 2010 IEEE Symposium on Security and Privacy.
[8] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.
[9] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[10] Prateek Saxena, et al. An Empirical Analysis of XSS Sanitization in Web Application Frameworks, 2011.
[11] Christopher Krügel, et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, 2007, NDSS.
[12] Hisham M. Haddad. Proceedings of the 2006 ACM symposium on Applied computing, 2006, SAC.
[13] Shriram Krishnamurthi, et al. Using static analysis for Ajax intrusion detection, 2009, WWW '09.
[14] Monica S. Lam, et al. InvisiType: Object-Oriented Security Policies, 2010, NDSS.
[15] Michael Hicks, et al. Fable: A Language for Enforcing User-defined Security Policies, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[16] Marianne Winslett, et al. Vetting browser extensions for security vulnerabilities with VEX, 2011, CACM.
[17] Martin Paul Eve, et al. XSS Cheat Sheet, 2007.
[18] David A. Wagner, et al. Efficient character-level taint tracking for Java, 2009, SWS '09.
[19] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[20] Benjamin Livshits, et al. SCRIPTGARD: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization, 2010.
[21] Giovanni Vigna, et al. Static Enforcement of Web Application Integrity Through Strong Typing, 2009, USENIX Security Symposium.
[22] Benjamin Livshits, et al. SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities, 2006.
[23] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[24] Adam Barth, et al. Protecting Browsers from Extension Vulnerabilities, 2010, NDSS.
[25] Dawn Xiaodong Song, et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense, 2009, NDSS.
[26] Benjamin Livshits, et al. SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications, 2011, CCS '11.
[27] Xin Zheng, et al. Secure web applications via automatic partitioning, 2007, SOSP.
[28] V. N. Venkatakrishnan, et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks, 2008, DIMVA.
[29] Steve Hanna, et al. A Symbolic Execution Framework for JavaScript, 2010, 2010 IEEE Symposium on Security and Privacy.
[30] Steve Hanna, et al. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications, 2010, NDSS.
[31] Evangelos P. Markatos, et al. xJS: Practical XSS Prevention for Web Application Development, 2010, WebApps.
[32] Dawn Xiaodong Song, et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[33] Matthew Finifter. Exploring the Relationship Between Web Application Development Tools and Security, 2011, WebApps.
[34] Wei Xu, et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, 2006, USENIX Security Symposium.
[35] Adam Barth, et al. Preventing Capability Leaks in Secure JavaScript Subsets, 2010, NDSS.
[36] Marianne Winslett, et al. VEX: Vetting Browser Extensions for Security Vulnerabilities, 2010, USENIX Security Symposium.