Wednesday 24 October 2012

