1. LD PRELOAD Feature. See man page of LD.SO(8).
2. SpiderMonkey (JavaScript-C) Engine. http://www.mozilla.org/js/
spidermonkey/.
3. Elias Athanasopoulos, Vasilis Pappas, Antonis Krithinakis, Spyros Ligouras, and
Evangelos P. Markatos. xJS: Practical XSS Prevention for Web Application De-
velopment. In Proceedings of the 1st USENIX WebApps Conference, Boston, US,
June 2010.
4. Stephen W. Boyd and Angelos D. Keromytis. SQLrand: Preventing SQL Injection
Attacks. In Proceedings of the 2nd Applied Cryptography and Network Security
(ACNS) Conference, pages 292–302, 2004.
5. E. ECMA. 357: ECMAScript for XML (E4X) Specification. ECMA (European
Association for Standardizing Information and Communication Systems), Geneva,
Switzerland, 2004.
6. Matthew Van Gundy and Hao Chen. Noncespaces: Using Randomization to En-
force Information Flow Tracking and Thwart Cross-Site Scripting Attacks. In Pro-
ceedings of the 16th Annual Network and Distributed System Security Symposium
(NDSS), San Diego, CA, February 8-11, 2009.
7. Trevor Jim, Nikhil Swamy, and Michael Hicks. Defeating Script Injection Attacks
with Browser-Enforced Embedded Policies. In WWW ’07: Proceedings of the 16th
international conference on World Wide Web, pages 601–610, New York, NY, USA,
2007. ACM.
8. G.S. Kc, A.D. Keromytis, and V. Prevelakis. Countering Code-Injection Attacks
with Instruction-Set Randomization. In Proceedings of the 10th ACM conference
on Computer and Communications Security, pages 272–280. ACM New York, NY,
USA, 2003.
9. Angelos D. Keromytis. Randomized Instruction Sets and Runtime Environments
Past Research and Future Directions. Number 1, pages 18–25, Piscataway, NJ,
USA, 2009. IEEE Educational Activities Department.
10. Antonis Krithinakis, Elias Athanasopoulos, and Evangelos P. Markatos. Isolating
JavaScript in Dynamic Code Environments. In Proceedings of the 1st Workshop
on Analysis and Programming Languages for Web Applications and Cloud Appli-
cations (APLWACA), co-located with PLDI, Toronto, Canada, June 2010.
11. Y. Nadji, P. Saxena, and D. Song. Document Structure Integrity: A Robust Basis
for Cross-site Scripting Defense. In Proceedings of the 16th Annual Network and
Distributed System Security Symposium (NDSS), San Diego, CA, February 8-11,
2009.
12. S. Nanda, L.C. Lam, and T. Chiueh. Dynamic Multi-Process Information Flow
Tracking for Web Application Security. In Proceedings of the 8th ACM/I-
FIP/USENIX international conference on Middleware. ACM New York, NY, USA,
2007.
13. Anh Nguyen-tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David
Evans. Automatically Hardening Web Applications Using Precise Tainting. In
Proceedings of the 20th IFIP International Information Security Conference, pages
372–382, 2005.
14. SANS Insitute. The Top Cyber Security Risks. September 2009. http://www.
sans.org/top-cyber-security-risks/.
15. R. Sekar. An Efficient Black-box Technique for Defeating Web Application At-
tacks. In Proceedings of the 16th Annual Network and Distributed System Security
Symposium (NDSS), San Diego, CA, February 8-11, 2009.
2. SpiderMonkey (JavaScript-C) Engine. http://www.mozilla.org/js/
spidermonkey/.
3. Elias Athanasopoulos, Vasilis Pappas, Antonis Krithinakis, Spyros Ligouras, and
Evangelos P. Markatos. xJS: Practical XSS Prevention for Web Application De-
velopment. In Proceedings of the 1st USENIX WebApps Conference, Boston, US,
June 2010.
4. Stephen W. Boyd and Angelos D. Keromytis. SQLrand: Preventing SQL Injection
Attacks. In Proceedings of the 2nd Applied Cryptography and Network Security
(ACNS) Conference, pages 292–302, 2004.
5. E. ECMA. 357: ECMAScript for XML (E4X) Specification. ECMA (European
Association for Standardizing Information and Communication Systems), Geneva,
Switzerland, 2004.
6. Matthew Van Gundy and Hao Chen. Noncespaces: Using Randomization to En-
force Information Flow Tracking and Thwart Cross-Site Scripting Attacks. In Pro-
ceedings of the 16th Annual Network and Distributed System Security Symposium
(NDSS), San Diego, CA, February 8-11, 2009.
7. Trevor Jim, Nikhil Swamy, and Michael Hicks. Defeating Script Injection Attacks
with Browser-Enforced Embedded Policies. In WWW ’07: Proceedings of the 16th
international conference on World Wide Web, pages 601–610, New York, NY, USA,
2007. ACM.
8. G.S. Kc, A.D. Keromytis, and V. Prevelakis. Countering Code-Injection Attacks
with Instruction-Set Randomization. In Proceedings of the 10th ACM conference
on Computer and Communications Security, pages 272–280. ACM New York, NY,
USA, 2003.
9. Angelos D. Keromytis. Randomized Instruction Sets and Runtime Environments
Past Research and Future Directions. Number 1, pages 18–25, Piscataway, NJ,
USA, 2009. IEEE Educational Activities Department.
10. Antonis Krithinakis, Elias Athanasopoulos, and Evangelos P. Markatos. Isolating
JavaScript in Dynamic Code Environments. In Proceedings of the 1st Workshop
on Analysis and Programming Languages for Web Applications and Cloud Appli-
cations (APLWACA), co-located with PLDI, Toronto, Canada, June 2010.
11. Y. Nadji, P. Saxena, and D. Song. Document Structure Integrity: A Robust Basis
for Cross-site Scripting Defense. In Proceedings of the 16th Annual Network and
Distributed System Security Symposium (NDSS), San Diego, CA, February 8-11,
2009.
12. S. Nanda, L.C. Lam, and T. Chiueh. Dynamic Multi-Process Information Flow
Tracking for Web Application Security. In Proceedings of the 8th ACM/I-
FIP/USENIX international conference on Middleware. ACM New York, NY, USA,
2007.
13. Anh Nguyen-tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David
Evans. Automatically Hardening Web Applications Using Precise Tainting. In
Proceedings of the 20th IFIP International Information Security Conference, pages
372–382, 2005.
14. SANS Insitute. The Top Cyber Security Risks. September 2009. http://www.
sans.org/top-cyber-security-risks/.
15. R. Sekar. An Efficient Black-box Technique for Defeating Web Application At-
tacks. In Proceedings of the 16th Annual Network and Distributed System Security
Symposium (NDSS), San Diego, CA, February 8-11, 2009.
No comments:
Post a Comment