Noncespaces: Using randomization to defeat cross-site scripting attacks
暂无分享,去创建一个
[1] Alexander Aiken,et al. Static Detection of Security Vulnerabilities in Scripting Languages , 2006, USENIX Security Symposium.
[2] Robert A. Martin,et al. Vulnerability Type Distributions in CVE , 2007 .
[3] Úlfar Erlingsson,et al. End-to-End Web Application Security , 2007, HotOS.
[4] Salim Hariri,et al. Randomized Instruction Set Emulation To Disrupt Binary Code Injection Attacks , 2003 .
[5] C. M. Sperberg-McQueen,et al. Extensible markup language , 1997 .
[6] Angelos D. Keromytis,et al. SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.
[7] C. M. Sperberg-McQueen,et al. Extensible Markup Language (XML) , 1997, World Wide Web J..
[8] Sid Stamm,et al. Reining in the web with content security policy , 2010, WWW '10.
[9] Onur Aciiçmez,et al. Alhambra: a system for creating, enforcing, and testing browser security policies , 2010, WWW '10.
[10] Jun Xu,et al. Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.
[11] S. Hadjiefthymiades,et al. Hypertext Transfer Protocol (HTTP) , 1996 .
[12] Zhendong Su,et al. Static detection of cross-site scripting vulnerabilities , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.
[13] Giovanni Vigna,et al. Static Enforcement of Web Application Integrity Through Strong Typing , 2009, USENIX Security Symposium.
[14] Christopher Krügel,et al. Noxes: a client-side solution for mitigating cross-site scripting attacks , 2006, SAC '06.
[15] Benjamin Livshits,et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser , 2010, 2010 IEEE Symposium on Security and Privacy.
[16] Michael Hicks,et al. Defeating script injection attacks with browser-enforced embedded policies , 2007, WWW '07.
[17] V. N. Venkatakrishnan,et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[18] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.
[19] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.
[20] Dirk Fox,et al. Cross Site Scripting (XSS) , 2012, Datenschutz und Datensicherheit - DuD.
[21] Zhendong Su,et al. The essence of command injection attacks in web applications , 2006, POPL '06.
[22] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[23] Dawn Xiaodong Song,et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.
[24] Christian Kirkegaard,et al. Static Analysis for Java Servlets and JSP , 2006, SAS.
[25] Benjamin Livshits,et al. Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.
[26] Christopher Krügel,et al. SWAP: Mitigating XSS attacks using a reverse proxy , 2009, 2009 ICSE Workshop on Software Engineering for Secure Systems.
[27] Steven Pemberton,et al. XHTML™ Modularization 1.1 , 2008 .
[28] Zhendong Su,et al. Sound and precise analysis of web applications for injection vulnerabilities , 2007, PLDI '07.
[29] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.
[30] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.
[31] Hao Chen,et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks , 2009, NDSS.