Tuesday 23 October 2012

REFERENCES

[1] S. M. Metev, and V. P. Veiko, “Laser Assisted Microtechnology,” 2nd
ed., R. M. Osgood, Jr., Ed. Berlin, Germany: Springer-Verlag, 1998.
[2] Z. Su and G. Wassermann, “The essence of command Injection Attacks
in Web Applications,” In Proceeding of the 33rd Annual Symposium on
Principles of Programming Languages, USA: ACM, January 2006, pp.
372-382.
[3] C. Yue and H. Wang, “Characterizing Insecure JavaScript Practice on the
Web,” In Proceedings of the 18th International Conference on the World
Wide Web, Madrid, Spain: ACM, April 20-24, 2005.
[4] Y. Xie, and A. Aiken, “Static detection of security vulnerabilities in
scripting languages,” In Proceeding of the 15th USENIX Security
Symposium, July 2006, pp. 179-192.
[5] Y. Minamide, “Static Approximation of Dynamically Generated Web
Pages,” In Proceedings of the 14th International Conference on the World
Wide Web, 2005, pp. 432-441.
[6] Y.-W. Huang, F. Yu, C. Hang, C. H. Tsai, D. Lee, and S.Y. Kuo,
“Securing web application code by static analysis and runtime
protection,” In Proceedings of the 13th International World Wide Web
Conference, 2004.
[7] A.S. Christensen, A. Møller, and M.I. Schwartzbach, “Precise analysis
of string expression,” In proceedings of the 10th international static
analysis symposium, vol. 2694 of LNCS, Springer-Verlag, pp. 1-18.
[8] Wikipedia, http://wikipedia.org.
[9] V.B. Livshits, and M.S. Lam, “Finding security errors in Java programs
with static analysis,” In proceedings of the 14th Usenix security
symposium, August 2005, pp. 271-286.
[10] T. Jim, N. Swamy, and M. Hicks, “BEEP: Browser-Enforced Embedded
Policies,” In Proceedings of the 16th International World Wide Web
Conference, ACM, 2007, pp. 601-610.
[11] P. Bisht, and V.N. Venkatakrishnan, “XSS-GUARD: Precise dynamic
prevention of Cross-Site Scripting Attacks,” In Proceeding of 5th
Conference on Detection of Intrusions and Malware & Vulnerability
Assessment, LNCS 5137, 2008, pp. 23-43.
[12] N. Jovanovic, C. Kruegel, and E. Kirda, “Pixy: A static analysis tool for
detecting web application vulnerabilities (short paper),” In 2006 IEEE
Symposium on Security and Privacy, Oakland, CA: May 2006.
[13] E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic, “Noxes: A client-side
solution for mitigating cross site scripting attacks,” In Proceedings of the
21st ACM symposium on Applied computing, ACM, 2006, pp. 330-337.
[14] Grossman, RSNAKE, PDP, Rager, and Fogie, “XSS Attacks: Cross-site
Scripting Exploits and Defense,” Syngress Publishing Inc, 2007.
[15] Y.-W. Huang, S.-K. Huang, T.-P. Lin, and C.-H. Tsai, “Web application
security assessment by fault injection and Behavior Monitoring,” In
Proceeding of the 12th international conference on World Wide Web,
ACM, New York, NY, USA: 2003, pp. 148-159.
[16] A. Klein, “DOM Based Cross Site Scripting or XSS of the Third Kind,”
http://www.webappsec.org/projects/articles/071105.html, July 2005.
[17] “OWASP Document for top 10 2007- cross Site Scripting,”
http://www.owasp.org/index.php/Top_10_2007-Cross_Site_Scripting.
[18] T. Pietraszek, and C. V. Berghe, “Defending against Injection Attacks
through Context-Sensitive String Evaluation,” In Proceeding of the 8th
International Symposium on Recent Advance in Intrusion Detection
(RAID), September 2005.
[19] D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C.
Kruegel, and G. Vigna, “Saner: Composing Static and Dynamic
Analysis to Validate Sanitization in Web Applications,” In IEEE
symposium on Security and Privacy, 2008.
[20] “Web Application Security Assessment,” SPI Dynamics Whitepaper,
SPI Dynamics, 2003.
[21] “Web Application Security Testing – AppScan 3.5,” Sanctum Inc.,
http://www.sanctuminc.com.
[22] “JavaScript Security: Same origin,” Mozilla Foundation,
http://www.mozilla.org/projects/security/components/same-origin.html,
February 2006.
[23] “InterDo Version 3.0,” Kavado Whitepaper, Kavado Inc., 2003.
[24] “AppShield,” Sanctum Inc. http://sanctuminc.com, 2005.
[25] D. Balzarotti, M. Cova, V. V. Felmetsger, and G. Vigna, “Multi-Module
Vulnerability Analysis of Web-based Applications,” In proceeding of
14th ACM Conference on Computer and Communications Security,
Alexandria, Virginia, USA: October 2007.
[26] N. Jovanovic, C. Kruegel, and E. Kirda, “Precise alias analysis for
syntactic detection of web application vulnerabilities,” In ACM
SIGPLAN Workshop on Programming Languages and Analysis for
security, Ottawa, Canada: June 2006.
[27] D. Scott, and R. Sharp, “Abstracting Application-Level Web Security,”
In Proceeding 11th international World Wide Web Conference,
Honolulu, Hawaii: 2002, pp. 396-407.
[28] Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D. Lee, and S.-Y. Kuo,
“Verifying Web Application using Bounded Model Checking,” In
Proceedings of the International Conference on Dependable Systems and
Networks, 2004.
[29] G. Wassermann, and Z. Su, “Static detection of cross-site Scripting
vulnerabilities,” In Proceeding of the 30th International Conference on
Software Engineering, May 2008.
[30] S. Christey, “Vulnerability type distributions in CVE,”
http://cwe.mitre.org/documents/vuln-trends.html, October 2006.
[31] H. Hosoya, B. C. Pierce, “Xduce: A typed xml processing language
(preliminary report),” In Proceeding of the 3rd International Workshop
on World Wide Web and Databases, Springer-Verlag, London, UK:
2001, pp. 226-244.
[32] M. Mohri, M. Nederhof, “Regular approximation of context-free
grammars through transformation,” Robustness in Language and Speech
Technology, 1996, pp. 231-238
[33] “LogiCampus Educational Platform,”
http://sourceforge.net/projects/logicampus
[34] “Testing for DOM-based cross-site scripting (OWASP-DV-003),”
http://www.owasp.org/index.php/Testing_for_DOMbased_Cross_site_scripting_(OWASP-DV-003)
