Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner
Christopher Krügel | Giovanni Vigna | Adam Doupé | Ludovico Cavedon
[1] Frank Tip, et al. Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking, 2010, IEEE Transactions on Software Engineering.
[2] D. de Werra, et al. Graph Coloring Problems, 2013.
[3] Yannis Smaragdakis, et al. DSD-Crasher: A hybrid analysis tool for bug finding, 2006, TSEM.
[4] Marco Vieira, et al. Using web security scanners to detect vulnerabilities in web services, 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.
[5] Giuseppe A. Di Lucca, et al. WARE: a tool for the reverse engineering of Web applications, 2002, Proceedings of the Sixth European Conference on Software Maintenance and Reengineering.
[6] Andrew C. Myers, et al. SIF: Enforcing Confidentiality and Integrity in Web Applications, 2007, USENIX Security Symposium.
[7] Sriram Raghavan, et al. Crawling the Hidden Web, 2001, VLDB.
[8] Xiaowei Li, et al. BLOCK: a black-box approach for detection of state violation attacks towards web applications, 2011, ACSAC '11.
[9] Christopher Krügel, et al. Toward Automated Detection of Logic Vulnerabilities in Web Applications, 2010, USENIX Security Symposium.
[10] Christopher Krügel, et al. Leveraging User Interactions for In-Depth Testing of Web Applications, 2008, RAID.
[11] John C. Mitchell, et al. State of the Art: Automated Black-Box Web Application Vulnerability Testing, 2010, 2010 IEEE Symposium on Security and Privacy.
[12] Richard Wolski, et al. The Eucalyptus Open-Source Cloud-Computing System, 2009, 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid.
[13] Arie van Deursen, et al. Crawling AJAX by Inferring User Interface State Changes, 2008, 2008 Eighth International Conference on Web Engineering.
[14] Giovanni Vigna, et al. Multi-module vulnerability analysis of web-based applications, 2007, CCS '07.
[15] Porfirio Tramontana, et al. Reverse Engineering Finite State Machines from Rich Internet Applications, 2008, 2008 15th Working Conference on Reverse Engineering.
[16] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[17] Josef Stoer, et al. Numerische Mathematik 1, 1989.
[18] Giovanni Vigna, et al. Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners, 2010, DIMVA.
[19] Tommy R. Jensen, et al. Graph Coloring Problems, 1994.
[20] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[21] Giovanni Vigna, et al. Static Enforcement of Web Application Integrity Through Strong Typing, 2009, USENIX Security Symposium.
[22] Robert A. Martin, et al. Vulnerability Type Distributions in CVE, 2007.
[23] Edsger W. Dijkstra, et al. A note on two problems in connexion with graphs, 1959, Numerische Mathematik.
[24] Tao Xie, et al. DSD-Crasher: A hybrid analysis tool for bug finding, 2008.
[25] Richard Sharp, et al. Abstracting application-level web security, 2002, WWW.
[26] Christopher Krügel, et al. Static analysis for detecting taint-style vulnerabilities in web applications, 2010, J. Comput. Secur.
[27] Giovanni Vigna, et al. Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, 2007, RAID.
[28] Christopher Krügel, et al. Fear the EAR: discovering and mitigating execution after redirect vulnerabilities, 2011, CCS '11.
[29] Alessandro Orso, et al. Penetration Testing with Improved Input Vector Identification, 2009, 2009 International Conference on Software Testing Verification and Validation.
[30] Christopher Krügel, et al. SecuBat: a web vulnerability scanner, 2006, WWW '06.
[31] Shih-Kun Huang, et al. Web application security assessment by fault injection and behavior monitoring, 2003, WWW '03.
[32] Jesse James Garrett. Ajax: A New Approach to Web Applications, 2007.
[33] Bengt Jonsson, et al. Regular Inference for State Machines Using Domains with Equality Tests, 2008, FASE.
[34] Xiaowei Li, et al. SENTINEL: securing database from logic flaws in web applications, 2012, CODASPY '12.