[1] Phishmarkt :: de. http://baseportal.com/baseportal/phishmarkt/de, 2006.
[2] Phishmarkt :: at. http://baseportal.com/baseportal/phishmarkt/at, 2007.
[3] A. Soulard, P. Gieling, M. Hercelin, and J. Boulmont. @lex Guestbook. http://www.alexguestbook.net, 2008.
[4] Acunetix. Acunetix Web Vulnerability Scanner. http://www.acunetix.com/, 2008.
[5] B. (BK) Rios. Google XSS. http://xs-sniper.com/blog/2008/04/14/google-xss/, 2008.
[6] D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. In IEEE Security and Privacy Symposium, 2008.
[7] CERT. Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests. http://www.cert.org/advisories/CA-2000-02.html, 2000.
[8] D. Endler. The Evolution of Cross Site Scripting Attacks. Technical report, iDEFENSE Labs, 2002.
[9] M. V. Gundy and H. Chen. Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks. In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), 2009.
[10] O. Hallaraker and G. Vigna. Detecting Malicious JavaScript Code in Mozilla. In Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), 2005.
[11] N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In IEEE Symposium on Security and Privacy, 2006.
[12] S. Kals, E. Kirda, C. Kruegel, and N. Jovanovic. SecuBat: A Web Vulnerability Scanner. In World Wide Web Conference, 2006.
[13] E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: A client-side solution for mitigating cross-site scripting attacks. In 21st ACM Symposium on Applied Computing (SAC), 2006.
[14] G. D. Lucca, A. Fasolino, M. Mastoianni, and P. Tramontana. Identifying cross site scripting vulnerabilities in web applications. In Sixth IEEE International Workshop on Web Site Evolution (WSE), 2004.
[15] M. Wagner. phpstats 0.1 alpha. http://www.michael-wagner.de/software/phpstats/, 2008.
[16] S. McAllister, E. Kirda, and C. Kruegel. Expanding human interactions for in-depth testing of web applications. In 11th Symposium on Recent Advances in Intrusion Detection (RAID), 2008.
[17] NIST National Vulnerability Database. CVE-2002-0902: Cross-site scripting vulnerability in phpBB 2.0.0. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0902, 2002.
[18] NIST National Vulnerability Database. CVE-2008-0125: Cross-site scripting (XSS) vulnerability in phpstats.php. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0125, 2008.
[19] OWASP. OWASP Top Ten. http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project, 2007.
[20] phpBB. phpBB web forum software. http://www.phpbb.com, 2008.
[21] PortSwigger. Burp Suite. http://portswigger.net/suite/, 2008.
[22] RSnake. XSS Cheat Sheet. http://ha.ckers.org/xss.html, 2008.
[23] D. Scott and R. Sharp. Abstracting Application-level Web Security. In 11th World Wide Web Conference, 2002.
[24] SecurityFocus. @lex Guestbook Multiple Cross-Site Scripting Vulnerabilities. http://www.securityfocus.com/bid/28519/, 2008.
[25] Z. Su and G. Wassermann. The Essence of Command Injection Attacks in Web Applications. In Symposium on Principles of Programming Languages, 2006.
[26] T. Jim, N. Swamy, and M. Hicks. BEEP: Browser-Enforced Embedded Policies. In 16th International World Wide Web Conference (WWW2007), Banff, 2007.
[27] P. Vogt, F. Nentwich, N. Jovanovic, C. Kruegel, E. Kirda, and G. Vigna. Cross site scripting prevention with dynamic data tainting and static analysis. In 14th Annual Network and Distributed System Security Symposium (NDSS), 2007.
[28] Web Application Attack and Audit Framework. http://w3af.sourceforge.net/.
[29] WhiteHat Security. Website Security Statistics Report. http://www.whitehatsec.com/home/resource/stats.html, 2008.
[30] Y. Xie and A. Aiken. Static Detection of Security Vulnerabilities in Scripting