Wednesday 24 October 2012

Bicho D. PHP-nuke reviews module cross-site scripting vulnerability, <http://www.securityfocus.com/bid/10493>; 2004.
Burzi F. PHP-nuke home page, <http://www.phpnuke.org>; 2005.
CERT. Advisory CA-2000-02: malicious HTML tags embedded in client web requests, <http://www.cert.org/advisories/CA-2000-02.html>; 2000.
CERT. Understanding malicious content mitigation for web developers, <http://www.cert.org/tech_tips/malicious_code_mitigation.html>; 2005.
Charles P. Jpcap – a network packet capture library, <http://jpcap.sourceforge.net>; 2006.
S. Cook. A web developer’s guide to cross-site scripting. Technical report, SANS Institute, 2003.
Common Vulnerabilities. Common vulnerabilities and exposures, <http://www.cve.mitre.org>; 2005.
ECMA-262, ECMAScript language specification, 1999.
D. Endler. The Evolution of Cross Site Scripting Attacks. Technical report, iDEFENSE Labs, 2002.
D. Flanagan. JavaScript: The Definitive Guide. December 2001. 4th ed.
Google. Google suggest, <http://www.google.com/webhp?complete=1&hl=en>; 2006.
Y.-W. Huang, S.-K. Huang, T.-P. Lin, and C.-H. Tsai. Web application security assessment by fault injection and behavior monitoring. In: Proceedings of the 12th International World Wide Web Conference (WWW 2003), May 2003.
Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D. Lee, and S.-Y. Kuo. Securing Web Application Code by Static Analysis and Runtime Protection. In: Proceedings of the 13th International World Wide Web Conference (WWW 2004), May 2004.
N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: a static analysis tool for detecting web application vulnerabilities (short paper). In: IEEE Symposium on Security and Privacy, 2006a.
N. Jovanovic, C. Kruegel, and E. Kirda. Precise alias analysis for static detection of web application vulnerabilities. In: ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2006b.
Kerio. Kerio firewall, <http://www.kerio.com>; 2005.
E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: A client-side solution for mitigating cross-site scripting attacks. In: The 21st ACM Symposium on Applied Computing (SAC 2006), 2006.
Kossel A. eBay-Passwortklau, <http://www.heise.de/security/result.xhtml?url=/security/artikel/54271&words=eBay>; 2004.
Oswald D. Htmlparser, <http://htmlparser.sourceforge.net>; 2006.
Inc Sanctum. AppShield white paper, <http://sanctuminc.com>; 2005.
D. Scott and R. Sharp. Abstracting Application-Level Web Security. In: Proceedings of the 11th International World Wide Web Conference (WWW 2002), May 2002.
Security Focus. Bugtraq mailing list, <http://www.securityfocus.com>; 2005.
Symantec. Symantec. Norton personal firewall, <http://www.symantec.com/sabu/nis/npf>; 2005.
Software Tiny. Tiny firewall, <http://www.tinysoftware.com/home/tiny2>; 2005.
H. von Hatzfeld. Javascript-Wertuebergabe zwischen verschiedenen HTML-Dokumenten. <http://aktuell.de.selfhtml.org/artikel/javascript/wertuebergabe>, 1999.
Labs Zone. Zone labs internet security products, <http://www.zonelabs.com/store/content/home.jsp>; 2005.
