Defending web vulnerabilities against code injection attacks

[1] Prateek Saxena, et al. An Empirical Analysis of XSS Sanitization in Web Application Frameworks, 2011.

[2] Md Rafiqul Islam, et al. Detecting SQL injection attacks using SNORT IDS, 2014, Asia-Pacific World Congress on Computer Science and Engineering.

[3] M. L. Dhore, et al. CIDT: Detection of Malicious Code Injection Attacks on Web Application, 2012.

[4] Nalini A. Mhetre, et al. A novel approach for detection of SQL injection and cross site scripting attacks, 2015, 2015 International Conference on Pervasive Computing (ICPC).

[5] Ali Selamat, et al. Topic detections in Arabic Dark websites using improved Vector Space Model, 2012, 2012 4th Conference on Data Mining and Optimization (DMO).

[6] -. THesketh, et al. Rule generalisation in intrusion detection systems using SNORT, 2008, Int. J. Electron. Secur. Digit. Forensics.

[7] Ziming Zhao, et al. Using instruction sequence abstraction for shellcode detection and attribution, 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[8] Izzat Alsmadi, et al. Textual Manipulation for SQL Injection Attacks, 2013.

[9] Miguel Correia, et al. Using Attack Injection to Discover New Vulnerabilities, 2006, International Conference on Dependable Systems and Networks (DSN'06).

[10] Miguel Correia, et al. Automatic detection and correction of web application vulnerabilities using data mining to predict false positives, 2014, WWW.

[11] Frank Piessens, et al. Code Pointer Masking: Hardening Applications against Code Injection Attacks, 2011, DIMVA.

[12] Hovav Shacham, et al. On the effectiveness of address-space randomization, 2004, CCS '04.

[13] Miao Liu, et al. A Web Second-Order Vulnerabilities Detection Method, 2018, IEEE Access.

[14] Ravishankar K. Iyer, et al. NFTAPE: a framework for assessing dependability in distributed systems with lightweight fault injectors, 2000, Proceedings IEEE International Computer Performance and Dependability Symposium. IPDS 2000.

[15] Izzat Alsmadi, et al. Efficient Assessment and Evaluation for Websites Vulnerabilities Using SNORT, 2013.

[16] Marco Vieira, et al. Mapping software faults with web security vulnerabilities, 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[17] Dawn Xiaodong Song, et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks, 2011, ESORICS.

[18] Hussein Alnabulsi, et al. A novel algorithm to protect code injection attacks, 2017.

[19] Yang Yi, et al. Reservoir Computing Meets Smart Grids: Attack Detection Using Delayed Feedback Networks, 2018, IEEE Transactions on Industrial Informatics.

[20] Marco Vieira, et al. Vulnerability & attack injection for web applications, 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[21] Janez Demsar, et al. Statistical Comparisons of Classifiers over Multiple Data Sets, 2006, J. Mach. Learn. Res.

[22] Marco Balduzzi, et al. Attacks landscape in the dark side of the web, 2017, SAC.

[23] Frank Piessens, et al. CPM: Masking Code Pointers to Prevent Code Injection Attacks, 2013, TSEC.

[24] Li Fan, et al. Dark web forums portal: Searching and analyzing jihadist forums, 2009, 2009 IEEE International Conference on Intelligence and Security Informatics.

[25] Calton Pu, et al. Protecting Systems from Stack Smashing Attacks with StackGuard, 1999.

[26] Monark Bag, et al. Cascading of C4.5 Decision Tree and Support Vector Machine for Rule Based Intrusion Detection System, 2012.

[27] Mohammad Alshraideh, et al. Detecting and Preventing SQL Injection Attacks: A Formal Approach, 2016, 2016 Cybersecurity and Cyberforensics Conference (CCC).

[28] Zhoujun Li, et al. SQL Injection Detection with Composite Kernel in Support Vector Machine, 2012.

[29] Yiannis Kompatsiaris, et al. Hybrid Focused Crawling for Homemade Explosives Discovery on Surface and Dark Web, 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[30] Sancheng Peng, et al. Detection and Prevention of Code Injection Attacks on HTML5-Based Apps, 2015, 2015 Third International Conference on Advanced Cloud and Big Data.

[31] Wouter Joosen, et al. Extended Protection against Stack Smashing Attacks without Performance Loss, 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[32] Zhi-jian Wang, et al. Notice of Retraction: A Static Analysis Tool for Detecting Web Application Injection Vulnerabilities for ASP Program, 2010, 2010 2nd International Conference on E-business and Information System Security.

[33] Eduardo Fidalgo, et al. Classifying Illegal Activities on Tor Network Based on Web Textual Contents, 2017, EACL.

[34] Marco Vieira, et al. Training Security Assurance Teams Using Vulnerability Injection, 2008, 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing.

[35] Yutao Liu, et al. CFIMon: Detecting violation of control flow integrity using performance counters, 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[36] Mihai Budiu, et al. Control-flow integrity principles, implementations, and applications, 2009, TSEC.

[37] Ahmad-Reza Sadeghi, et al. MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones, 2012, NDSS.

[38] Ollie Whitehouse. An Analysis of Address Space Layout Randomization on Windows Vista, 2007.

[39] Marco Vieira, et al. Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks, 2007.

[40] Gerardo Richarte. Four different tricks to bypass StackShield and StackGuard protection, 2002, WWW 2002.

[41] Hazem Hatamleh, et al. Review and Measuring the Efficiency of SQL Injection Method in Preventing E-Mail Hacking, 2012.

[42] Hsinchun Chen, et al. IEDs in the Dark Web: Genre classification of improvised explosive device web pages, 2008, 2008 IEEE International Conference on Intelligence and Security Informatics.

[43] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[44] Hussein Alnabulsi, et al. Identification of susceptible websites from code injection attack, 2017, ICML 2017.

[45] Chao Zhang, et al. Practical Control Flow Integrity and Randomization for Binary Executables, 2013, 2013 IEEE Symposium on Security and Privacy.

[46] M. E. Kabay, et al. Writing Secure Code, 2015.

[47] M. Hemalatha, et al. Effective approach toward Intrusion Detection System using data mining techniques, 2014.

[48] V. N. Venkatakrishnan, et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks, 2008, DIMVA.

[49] Steven T. Eckmann. Translating Snort rules to STATL scenarios, 2001.

[50] M. Indra Devi, et al. Hybrid SQL injection detection system, 2016, 2016 3rd International Conference on Advanced Computing and Communication Systems (ICACCS).

[51] Sheng Jiang, et al. Design of automatic vulnerability detection system for Web application program, 2013, 2013 IEEE 4th International Conference on Software Engineering and Service Science.

[52] Mazdak Zamani, et al. SQL injection vulnerability general patch using header sanitization, 2014, 2014 International Conference on Computer, Communications, and Control Technology (I4CT).

[53] Ammar Alazab, et al. New Strategy for Mitigating of SQL Injection Attack, 2016.

[54] Bill Chu, et al. Detecting Cross-Site Scripting Vulnerabilities through Automated Unit Testing, 2017, 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS).

[55] William K. Robertson, et al. Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis, 2012, 2012 IEEE 36th Annual Computer Software and Applications Conference.

[56] Hussein Alnabulsi, et al. GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks, 2018, IEEE Access.

[57] M. Indra Devi, et al. Fragmented query parse tree based SQL injection detection system for web applications, 2016, 2016 International Conference on Computing Technologies and Intelligent Data Engineering (ICCTIDE'16).

[58] Daniel C. DuVarney, et al. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits, 2003, USENIX Security Symposium.

[59] John C. Mitchell, et al. State of the Art: Automated Black-Box Web Application Vulnerability Testing, 2010, 2010 IEEE Symposium on Security and Privacy.

[60] Sainath Patil Assi Honeyweb: a web-based high interaction client honeypot, 2012.

[61] Richard Frank, et al. Surfacing collaborated networks in dark web to find illicit and criminal content, 2016, 2016 IEEE Conference on Intelligence and Security Informatics (ISI).

[62] Qi Li, et al. Research on SQL Injection Vulnerability Attack model, 2018, 2018 5th IEEE International Conference on Cloud Computing and Intelligence Systems (CCIS).