[1] Abdulkader A. Alfantookh. An automated universal
server level solution for SQL injection security flaw.
International Conference on Electrical, Electronic and
Computer Engineering, pages 131–135, September
2004.
[2] CERT. Advisory CA-2000-02: malicious HTML tags
embedded in client web requests.
http://www.cert.org/advisories/CA-2000-02.html,
2000.
[3] W3C World Wide Web Consortium. HTTP -
Hypertext Transfer Protocol.
http://www.w3.org/Protocols/, 2000.
[4] Microsoft Corporation. Architecture and Design
Review for Security.
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnets%ec/html/THCMCh05.asp,
2005.
[5] Microsoft Corporation. ISAPI Server Extensions and
Filters. http://msdn.microsoft.com/library/
default.asp?url=/library/en-us/vccore%98/HTML/
_core_isapi_server_extensions_and_filters.asp,
2005.
[6] Microsoft Corporation. Microsoft .NET Framework
Development Center.
http://msdn.microsoft.com/netframework/, 2005.
[7] Microsoft Corporation. System.Reflection Namespace.
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/cpref/%html/
frlrfsystemreflection.asp, 2005.
[8] David Cruwys. C Sharp/VB - Automated WebSpider
/ WebRobot. http:
//www.codeproject.com/csharp/DavWebSpider.asp,
March 2004.
[9] David Endler. The Evolution of Cross Site Scripting
Attacks. Technical report, iDEFENSE Labs, 2002.
[10] Carlo Ghezzi, Mehdi Jazayeri, and Dino Mandrioli.
Fundamentals of Software Engineering. Prentice-Hall
International, 1994.
[11] Yao-Wen Huang, Fang Yu andChristian Hang,
Chung-Hung Tsai, Der-Tsai Lee, and Sy-Yen Kuo.
Securing web application code by static analysis and
runtime protection. In 13th ACM International World
Wide Web Conference, 2004.
[12] Yao-Wen Huang, Shih-Kun Huang, and Tsung-Po Lin.
Web Application Security Assessment by Fault
Injection and Behavior Monitoring. 12th ACM
International World Wide Web Conference, May 2003.
[13] Insecure.org. NMap Network Scanner.
http://www.insecure.org/nmap/, 2005.
[14] Rachael Lininger and Russell D. Vines. Phishing.
Wiley Publishing Inc., May 2005.
[15] Acunetix Ltd. Acunetix Web Vulnerability Scanner.
http://www.acunetix.com/, 2005.
[16] Ken Moody and Marco Palomino. SharpSpider:
Spidering the Web through Web Services. First Latin
American Web Congress (LA-WEB 2003), 2003.
[17] Information Technology Industry Council NCITS.
SQL-92 standard. http://www.ncits.org/, 1992.
[18] Nikto. Web Server Scanner.
http://www.cirt.net/code/nikto.shtml, 2005.
[19] RSnake. XSS cheatsheet. http:
//sec.drorshalev.com/dev/xss/xssTricks.htm.
[20] David Scott and Richard Sharp. Abstracting
application-level Web security. 11th ACM
International World Wide Web Conference, Hawaii,
USA, 2002.
[21] SelfHtml. JavaScript Tutorial.
http://www.selfhtml.de, 2005.
[22] Tenable Network SecurityTM. Nessus Open Source
Vulnerability Scanner Project.
http://www.nessus.org/, 2005.
[23] Paolo Tonella and Filippo Ricca. A 2-Layer Model for
the White-Box Testing of Web Applications. In IEEE
International Workshop on Web Site Evolution
(WSE), 2004.
[24] Xprobe. Xprobe: active os fingerprinting tool.
http://xprobe.sourceforge.net/, 2005.
server level solution for SQL injection security flaw.
International Conference on Electrical, Electronic and
Computer Engineering, pages 131–135, September
2004.
[2] CERT. Advisory CA-2000-02: malicious HTML tags
embedded in client web requests.
http://www.cert.org/advisories/CA-2000-02.html,
2000.
[3] W3C World Wide Web Consortium. HTTP -
Hypertext Transfer Protocol.
http://www.w3.org/Protocols/, 2000.
[4] Microsoft Corporation. Architecture and Design
Review for Security.
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnets%ec/html/THCMCh05.asp,
2005.
[5] Microsoft Corporation. ISAPI Server Extensions and
Filters. http://msdn.microsoft.com/library/
default.asp?url=/library/en-us/vccore%98/HTML/
_core_isapi_server_extensions_and_filters.asp,
2005.
[6] Microsoft Corporation. Microsoft .NET Framework
Development Center.
http://msdn.microsoft.com/netframework/, 2005.
[7] Microsoft Corporation. System.Reflection Namespace.
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/cpref/%html/
frlrfsystemreflection.asp, 2005.
[8] David Cruwys. C Sharp/VB - Automated WebSpider
/ WebRobot. http:
//www.codeproject.com/csharp/DavWebSpider.asp,
March 2004.
[9] David Endler. The Evolution of Cross Site Scripting
Attacks. Technical report, iDEFENSE Labs, 2002.
[10] Carlo Ghezzi, Mehdi Jazayeri, and Dino Mandrioli.
Fundamentals of Software Engineering. Prentice-Hall
International, 1994.
[11] Yao-Wen Huang, Fang Yu andChristian Hang,
Chung-Hung Tsai, Der-Tsai Lee, and Sy-Yen Kuo.
Securing web application code by static analysis and
runtime protection. In 13th ACM International World
Wide Web Conference, 2004.
[12] Yao-Wen Huang, Shih-Kun Huang, and Tsung-Po Lin.
Web Application Security Assessment by Fault
Injection and Behavior Monitoring. 12th ACM
International World Wide Web Conference, May 2003.
[13] Insecure.org. NMap Network Scanner.
http://www.insecure.org/nmap/, 2005.
[14] Rachael Lininger and Russell D. Vines. Phishing.
Wiley Publishing Inc., May 2005.
[15] Acunetix Ltd. Acunetix Web Vulnerability Scanner.
http://www.acunetix.com/, 2005.
[16] Ken Moody and Marco Palomino. SharpSpider:
Spidering the Web through Web Services. First Latin
American Web Congress (LA-WEB 2003), 2003.
[17] Information Technology Industry Council NCITS.
SQL-92 standard. http://www.ncits.org/, 1992.
[18] Nikto. Web Server Scanner.
http://www.cirt.net/code/nikto.shtml, 2005.
[19] RSnake. XSS cheatsheet. http:
//sec.drorshalev.com/dev/xss/xssTricks.htm.
[20] David Scott and Richard Sharp. Abstracting
application-level Web security. 11th ACM
International World Wide Web Conference, Hawaii,
USA, 2002.
[21] SelfHtml. JavaScript Tutorial.
http://www.selfhtml.de, 2005.
[22] Tenable Network SecurityTM. Nessus Open Source
Vulnerability Scanner Project.
http://www.nessus.org/, 2005.
[23] Paolo Tonella and Filippo Ricca. A 2-Layer Model for
the White-Box Testing of Web Applications. In IEEE
International Workshop on Web Site Evolution
(WSE), 2004.
[24] Xprobe. Xprobe: active os fingerprinting tool.
http://xprobe.sourceforge.net/, 2005.
No comments:
Post a Comment