We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of CORS
暂无分享,去创建一个
Jian Jiang | Hai-Xin Duan | Vern Paxson | Min Yang | Shuo Chen | Tao Wan | Jianjun Chen
[1] Jian Jiang,et al. Cookies Lack Integrity: Real-World Implications , 2015, USENIX Security Symposium.
[2] Vitaly Shmatikov,et al. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites , 2013, NDSS.
[3] Dawn Xiaodong Song,et al. Towards a Formal Foundation of Web Security , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.
[4] Collin Jackson,et al. Robust defenses for cross-site request forgery , 2008, CCS.
[5] Roy T. Fielding,et al. Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content , 2014, RFC.
[6] Jörg Schwenk,et al. Same-Origin Policy: Evaluation in Modern Browsers , 2017, USENIX Security Symposium.
[7] Wouter Joosen,et al. Automatic and Precise Client-Side Protection against CSRF Attacks , 2011, ESORICS.
[8] Helen J. Wang,et al. On the Incoherencies in Web Browser Access Control Policies , 2010, 2010 IEEE Symposium on Security and Privacy.
[9] Sid Stamm,et al. Reining in the web with content security policy , 2010, WWW '10.
[10] Jochen Topf,et al. The HTML Form Protocol Attack , 2001 .
[11] Michele Orru,et al. The Browser Hacker's Handbook , 2014 .
[12] Tsuyoshi Murata,et al. {m , 1934, ACML.