[1] D. Flanagan. JavaScript: The Definitive Guide.
December 2001. 4th Edition.
[2] ECMA-262, ECMAScript language specification, 1999.
[3] David Endler. The Evolution of Cross Site Scripting
Attacks. Technical report, iDEFENSE Labs, 2002.
[4] CERT. Advisory CA-2000-02: malicious HTML tags
embedded in client web requests.
http://www.cert.org/advisories/CA-2000-02.html,
2000.
[5] Common Vulnerabilities and Exposures.
http://www.cve.mitre.org/, 2005.
[6] Steven Cook. A Web Developer’s Guide to Cross-Site
Scripting. Technical report, SANS Institute, 2003.
[7] CERT. Understanding malicious content mitigation
for web developers. http://www.cert.org/tech_
tips/malicious_code_mitigation.html, 2005.
[8] TINY Software. Tiny Firewall.
http://www.tinysoftware.com/home/tiny2, 2005.
[9] Zone Labs. Zone Labs Internet Security Products.
http://www.zonelabs.com/store/content/home.jsp,
2005.
[10] Kerio. Kerio Firewall. http://www.kerio.com, 2005.
[11] Symantec. Norton Personal Firewall.
http://www.symantec.com/sabu/nis/npf/, 2005.
[12] Dark Bicho. PHP-Nuke Reviews Module Cross-Site
Scripting Vulnerability.
http://www.securityfocus.com/bid/10493, 2004.
[13] Francisco Burzi. PHP-Nuke Home Page.
http://www.phpnuke.org, 2005.
[14] Security Focus. Bugtraq Mailing List.
http://www.securityfocus.com, 2005.
[15] David Scott and Richard Sharp. Abstracting
Application-Level Web Security. In Proceedings of the
11th International World Wide Web Conference
(WWW 2002), May 2002.
[16] Sanctum Inc. AppShield White Paper.
http://sanctuminc.com, 2005.
[17] Axel Kossel. eBay-Passwortklau.
http://www.heise.de/security/result.xhtml?url=
/security/artikel/54271&w%ords=eBay, 2004.
[18] Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, and
Chung-Hung Tsai. Web application security
assessment by fault injection and behavior monitoring.
In Proceedings of the 12th International World Wide
Web Conference (WWW 2003), May 2003.
[19] Yao-Wen Huang, Fang Yu, Christian Hang,
Chung-Hung Tsai, D.T. Lee, and Sy-Yen Kuo.
Securing Web Application Code by Static Analysis
and Runtime Protection. In Proceedings of the 13th
International World Wide Web Conference (WWW
2004), May 2004.
December 2001. 4th Edition.
[2] ECMA-262, ECMAScript language specification, 1999.
[3] David Endler. The Evolution of Cross Site Scripting
Attacks. Technical report, iDEFENSE Labs, 2002.
[4] CERT. Advisory CA-2000-02: malicious HTML tags
embedded in client web requests.
http://www.cert.org/advisories/CA-2000-02.html,
2000.
[5] Common Vulnerabilities and Exposures.
http://www.cve.mitre.org/, 2005.
[6] Steven Cook. A Web Developer’s Guide to Cross-Site
Scripting. Technical report, SANS Institute, 2003.
[7] CERT. Understanding malicious content mitigation
for web developers. http://www.cert.org/tech_
tips/malicious_code_mitigation.html, 2005.
[8] TINY Software. Tiny Firewall.
http://www.tinysoftware.com/home/tiny2, 2005.
[9] Zone Labs. Zone Labs Internet Security Products.
http://www.zonelabs.com/store/content/home.jsp,
2005.
[10] Kerio. Kerio Firewall. http://www.kerio.com, 2005.
[11] Symantec. Norton Personal Firewall.
http://www.symantec.com/sabu/nis/npf/, 2005.
[12] Dark Bicho. PHP-Nuke Reviews Module Cross-Site
Scripting Vulnerability.
http://www.securityfocus.com/bid/10493, 2004.
[13] Francisco Burzi. PHP-Nuke Home Page.
http://www.phpnuke.org, 2005.
[14] Security Focus. Bugtraq Mailing List.
http://www.securityfocus.com, 2005.
[15] David Scott and Richard Sharp. Abstracting
Application-Level Web Security. In Proceedings of the
11th International World Wide Web Conference
(WWW 2002), May 2002.
[16] Sanctum Inc. AppShield White Paper.
http://sanctuminc.com, 2005.
[17] Axel Kossel. eBay-Passwortklau.
http://www.heise.de/security/result.xhtml?url=
/security/artikel/54271&w%ords=eBay, 2004.
[18] Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, and
Chung-Hung Tsai. Web application security
assessment by fault injection and behavior monitoring.
In Proceedings of the 12th International World Wide
Web Conference (WWW 2003), May 2003.
[19] Yao-Wen Huang, Fang Yu, Christian Hang,
Chung-Hung Tsai, D.T. Lee, and Sy-Yen Kuo.
Securing Web Application Code by Static Analysis
and Runtime Protection. In Proceedings of the 13th
International World Wide Web Conference (WWW
2004), May 2004.
No comments:
Post a Comment