SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
暂无分享,去创建一个
[1] G. Broll,et al. Microsoft Corporation , 1999 .
[2] Benjamin Livshits,et al. Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.
[3] Michael Franz,et al. Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).
[4] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[5] Tadeusz Pietraszek,et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation , 2005, RAID.
[6] Christopher Krügel,et al. Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[7] Alexander Aiken,et al. Static Detection of Security Vulnerabilities in Scripting Languages , 2006, USENIX Security Symposium.
[8] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.
[9] Yi-Min Wang,et al. An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism , 2007, CCS '07.
[10] Alessandro Orso,et al. WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation , 2008, IEEE Transactions on Software Engineering.
[11] V. N. Venkatakrishnan,et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks , 2008, DIMVA.
[12] Christopher Krügel,et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[13] Michael D. Ernst,et al. HAMPI: a solver for string constraints , 2009, ISSTA.
[14] Hao Chen,et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks , 2009, NDSS.
[15] V. N. Venkatakrishnan,et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[16] Dawn Xiaodong Song,et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.
[17] Trishul M. Chilimbi,et al. HOLMES: Effective statistical debugging via efficient path profiling , 2009, 2009 IEEE 31st International Conference on Software Engineering.
[18] Dan Boneh,et al. XCS: cross channel scripting and its impact on web applications , 2009, CCS.
[19] Benjamin Livshits,et al. Merlin: specification inference for explicit information flow problems , 2009, PLDI '09.
[20] David Brumley,et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.
[21] Collin Jackson,et al. Regular expressions considered harmful in client-side XSS filters , 2010, WWW '10.
[22] B. Livshits,et al. Decision Procedures for Composition and Equivalence of Symbolic Finite State Transducers , 2011 .
[23] Engin Kirda,et al. Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications , 2011, NDSS.
[24] Benjamin Livshits,et al. Fast and Precise Sanitizer Analysis with BEK , 2011, USENIX Security Symposium.