Thursday 25 October 2012

[1]. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee,
Sy-Yen Kuo, “Securing Web Application Code By Static Analysis and
Runtime Protection”, in Proceedings of International WWW Conference, New
York, USA, pp. 40 – 52, May 2004.
[2]. Billy Hoffman , Bryan Sullivan, “Ajax Security,” Chapter – 4, Ajax attack
surface, Addison-Wesley, Boston, MA, December 2007.
[3]. Noriko Hanakawa, Nao Ikemiya, “A New Web Browser Including A
Transferable Function to Ajax Codes”, in Proceedings of 21st IEEE/ACM
International Conference on Automated Software Engineering (ASE '06),
Tokyo, Japan, pp. 351-352, September 2006.
[4]. Acunetix Ltd, “Web Applications: What are they? What of them?”,
http://acunetix.com/websitesecurity/web-applications.htm.
[5]. Matthew Eernisse, “Build Your Own AJAX Web Applications”, Chapter 1:
AJAX: the Overview, SitePoint publication, Australia, June 2006.
[6]. Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager , Petko D.
Petkov, “XSS Exploits: Cross Site Scripting Attacks and Defense”, Syngress
Publishing, Burlington, MA, May 2007.
[7]. Omar Ismail, Masashi Etoh, Youki Kadobayashi, and Suguru Yamaguchi, “A
Proposal and Implementation of Automatic Detection/Collection System for
Cross-Site Scripting Vulnerability”, in Proceedings of the 18th International
Conference on Advanced Information Networking and Application (AINA04),
Japan, pp. 145-151, March 2004.
[8]. Ken Munro, “Crossing the End-User Application Developer Divide”,
Infosecurity, Volume 4, Issue 2, Page 43, March 2007.
[9]. Vivek Haldar, Deepak Chandra, Michael Franz, “Dynamic Taint Propagation
for Java”, in Proceedings of the 21st Annual Computer Security Applications
Conference, Tucson, AZ, pp. 303-311, December 2005.
[10]. Joel Scambray and Mike Shema, “Hacking Exposed Web Applications”,
Chapter 13 - Case Studies, McGraw-Hill/Osborne, California, U.S.A, 2002.
[11]. Michael Howard and David LeBlanc, “Writing Secure Code”, Second
Edition, Chapter 10 - All Input Is Evil!, Microsoft Press, Redmond,
Washington, 2003.

[12]. Dino Esposito, “Programming Microsoft ASP.NET 2.0 Core Reference”,
Chapter 15 - ASP.NET Security, Microsoft Press, Redmond, Washington,
2006.
[13]. Mark M. Burnett and James C. Foster, “Hacking the Code: ASP.NET Web
Application Security”, Chapter 5 - Filtering User Input, Syngress Publishing,
Rockland, MA, 2004.
[14]. Jochen Topf, “The HTML Form Protocol Attack”,
http://www.remote.org/jochen/sec/hfpa/hfpa.pdf.
[15]. Ed Robinson and Michael James Bond, “Security for Microsoft Visual Basic
.NET”, Chapter 14 - Threats—Analyze, Prevent, Detect, and Respond,
Microsoft Press, Redmond, Washington, 2003.
[16]. K Dubost, H Haas, I Jacobs, “Remedies For Common User-Agent
Problems”, ACM Interactions, Volume 9, Issue 3, May 2002.
[17]. C. Jackson, A. Bortz, D. Boneh, and J. C. Mitchell, “Protecting Browser
State From Web Privacy Attacks”, in proceedings of 15th international
conference on World Wide Web, Edinburg, Scotland, pp. 737-744, May
2006.
[18]. Software Quality Group, “About OWASP”,
http://searchsoftwarequality.techtarget.com/sDefinition/0,290660,sid92_gci1192
885,00.html.
[19]. Common Vulnerabilities and Exposures, “The Standard for Information
Security Vulnerability Names”, http://cve.mitre.org/, last accessed May 24,
2007.
[20]. Bill Brenner, “Ajax Threats Worry Researchers”,
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci12077
59,00.html.
[21]. Slackers forum, “Vulnerable Sites Information Posted By Hackers”,
http://sla.ckers.org/forum/read.php?3,44,632
[22]. Jeremiah Grossman, “WhiteHat Security Web Application Security Risk
Report”, http://www.whitehatsec.com/home/assets/WP041907statsreport.pdf.
[23]. Security Firm Report, “90% of Web Apps Are Vulnerable”,
http://www.itfacts.biz/index.php?id=P1226
[24]. Acunetix Report, “XSS Vulnerability”,
http://www.acunetix.com/news/cross-site-scripting.htm
[25]. Matthew Broersma, “Cross-Site Scripting the Top Security Risk”,
http://www.networkworld.com/news/2006/091806-cross-site-scripting-thetop-
security.html.

[26]. Kelly Jackson Higgins, “Cross-Site Scripting: Attackers' New Favorite
Flaw”, http://www.darkreading.com/document.asp?doc_id=103774.
[27].Vivian Yeo, “Hackers Ride on Web App Vulnerabilities”,
http://www.zdnetasia.com/news/security/0,39044215,61969925,00.htm.
[28]. Martin Heller, “How to Defeat the New No. 1 Security Threat: Cross-Site
Scripting”,
http://www.computerworld.com/action/article.do?command=viewArticleBasic
&articleId=9003710&pageNumber=1.
[29]. Storage and Security Report, “Internet Threats Will Continue to Increase”,
http://www.integratedmar.com/ereportstorage/story.cfm?item=418http://www.
integratedmar.com/ereportstorage/story.cfm?item=418
[30]. Colleen Frye, “Web Application Security Vulnerabilities by the Numbers”,
http://searchappsecurity.techtarget.com/originalContent/0,289142,sid92_gci12
38422,00.html?track=sy280
[31]. SANS Security Firm, “SANS Top-20 Internet Security Attack Targets”,
http://www.sans.org/top20/?ref=1814.
[32]. Colleen Frye, “XSS The Top Vulnerability In Most Web Applications In
Q1”,
http://searchsoftwarequality.techtarget.com/originalContent/0,289142,sid92_g
ci1256570,00.html?track=NL-
498&ad=590666&asrc=EM_NLN_1501330&uid=5685607.
[33]. K. Sivakumar, K. Karg, “ Monitoring and Impeding Cross Site Scripting
(XSS) Vulnerabilities: A Survey”, in Proceedings of the International
Conference on Information Security and Computer Forensics, SRM
University, Chennai, India, pp. 187-194, December 2006.
[34]. Scott, D. Sharp, “Abstracting Application-Level Web Security”, in
Proceedings of 11th International Conference World Wide Web (WWW2002),
Honolulu, Hawaii, pp. 396-407, May 2002.
[35]. Scott, D., Sharp, “Developing Secure Web Applications”, IEEE Internet
Computing, Volume 6, Issue 6, pp. 38-45, November 2002.
[36]. Bobbitt M., “Bulletproof Web Security”,
http://infosecuritymag.techtarget.com/2002/may/bulletproof.shtml.
[37]. Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad
JovanovicNoxes, “A Client-Side Solution for Mitigating Cross-Site Scripting
Attacks”, in Proceedings of the 2006 ACM Symposium On Applied
Computing (SAC’06), Dijon, France, pp. 330-337, April 2006.
[38]. O. Ismaill, M.E. Youki, K. Adobayashi, S. Yamaguch, “A Proposal and
Implementation of Automatic Detection/Collection System for Cross-Site
Scripting Vulnerability”, in Proceedings of the 18th International Conference

On Advanced Information Networking And Application (AINA’04), Fukuoka,
Japan, Volume 1, pp.145-151, March 2004.
[39]. Christopher Krugel, G.Vigna, William Robertson, “A Multi-Model
Approach to the Detection of Web Based Attacks”, Computer Networks,
Volume 48, Issue 5, pp. 717-738, August 2005.
[40]. Joon S. Park, Ravi Sandhu, “Secure Cookies on the Web”, IEEE internet
computing, Volume 4, pp. 36-44, July/August 2000
[41]. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai
Lee, Sy-Yen Kuo, “Securing Web Application Code By Static Analysis and
Runtime Protection”, in Proceedings of International WWW Conference,
New York, USA, pp. 40 – 52, May 2004.
[42]. Zhendong Su, Gary Wassermann, “The Essence of Command Injection
Attacks In Web Applications”, 33rd ACM Sigplan-Sigact Symposium on
Principles of Programming Languages, South Carolina, USA, pp. 372 - 382,
January 2006.
[43]. Wes Masri and Andy Podgurski “Using Dynamic Information Flow
Analysis to Detect Attacks Against Applications”, ACM SIGSOFT Software
Engineering Notes, Volume 30, Issue 4, pp. 1-7, July 2005.
[44]. N. Jovanovic, C. Kruegel and E. Kirda, “Pixy: A Static Analysis Tool for
Detecting Web Application Vulnerabilities”, in Proceedings of the 2006 IEEE
Symposium on Security and Privacy(S&P’06), California, U.S.A, pp. 27-36,
May 2006.
[45]. Wes Masri, Andy Podgurski and David Leon, “Detecting and Debugging
Insecure Information Flows”, in Proceedings of 15th International Symposium
on Software Reliability Engineering (ISSRE'04), France, pp. 198-209,
November 2004.
[46]. Jin-Cherng Lin and Jan-Min Chen, “An Automatic Revised Tool for Anti-
Malicious Injection”, in Proceedings of 6th IEEE International Conference on
Computer and Information Technology (CIT'06), Seoul, Korea, p. 164,
September 2006.
[47]. BRICS Research group, “The JWIG Project”, http://www.brics.dk/JWIG/.
[48]. Wes Masri and Andy Podgurski, “An Empirical Study of the Strength of
Information Flows in Programs”, in Proceedings of 4th International
Workshop on Dynamic Analysis (WODA 2006), Shanghai, China, pp. 73-80,
May 2006
[49]. Yao-Wen Huang, Chung-Hung Tsai, D. T. Lee and Sy-Yen Kuo, “Non-
Detrimental Web Application, Security Scanning”, in Proceedings of 15th
International Symposium on Software Reliability Engineering (ISSRE'04),
France, pp. 219-230, November 2004.

[50]. Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin and Chung-Hung Tsai,
“Web Application Security Assessment By Fault Injection and Behavior
Monitoring”, in Proceedings of the 12th international conference on World
Wide Web, Budapest, Hungary, pp. 148 – 159, May 2003.
[51]. Jayamsakthi Shanmugam, Dr.M.Ponnavaikko “A Solution to Block Cross
Site Scripting Vulnerabilities Based on Service Oriented Architecture”, in
Proceedings of 6th IEEE international conference on computer and
information science (ICIS 07) published by IEEE Computer Society in IEEE
Xplore, Australia, pp. 861-866, July 11-13, 2007.
[52]. Jayamsakthi Shanmugam, Dr.M.Ponnavaikko, “XSS Application Worms:
New Internet Infestation and Optimized Protective Measures”, in Proceedings
of 8th ACIS International Conference on Software Engineering, Artificial
Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007),
published by IEEE Computer Society in IEEE Xplore, China, Volume 3, pp.
1164-1169, July 30 - Aug 1, 2007.
[53]. Jayamsakthi Shanmugam, Dr.M.Ponnavaikko, “Risk Mitigation for Cross
Site Scripting Attacks Using Signature Model on the Server Side”, in
Proceedings of Multi Symposiums on Computer and Computational Sciences
2007 (IMSCCS07), published by IEEE Computer Society in IEEE Xplore,
Iowa, USA , pp. 398-405, August 13-15th 2007.
[54]. Jayamsakthi Shanmugam, Dr.M.Ponnavaikko, “Behavior-Based Anomaly
Detection on the Server Side to Reduce the Effectiveness of Cross Site
Scripting Vulnerabilities”, in Proceedings of 3rd IEEE International
Conference on Semantics, Knowledge, and Grid, published by IEEE
Computer Society in IEEE Xplore, China, pp. 350-353, October 29-31 2007
[55]. Ken Munro, “Crossing the End-User Application Developer Divide”,
Infosecurity, Volume 4, Issue 2, Page 43, March 2007.
[56]. Chris Snyder and Michael Southwell, “Pro Php Security”, Chapter 13 -
Preventing Cross-Site Scripting , Apress, Berkely, CA, 2005.

No comments:

Post a Comment