Tuesday 23 October 2012

References

[Alc07] Wade Alcorn. Inter-Protocol Exploitation. Whitepaper, NGSSoftware Insight Security Research (NISR), http://www.ngssoftware.com/research/papers/InterProtocolExploitation.pdf, March 2007.
[Dab09] Arshan Dabirsiaghi. Cross-protocol XSS with non-standard service ports. TechNote, http://i8jesus.com/?p=75, August 2009.
[End02] David Endler. The Evolution of Cross-Site Scripting Attacks. Whitepaper, iDefense Inc., http://www.cgisecurity.com/lib/XSS.pdf, May 2002.
[FGM+99] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. Hypertext Transfer Protocol – HTTP/1.1. RFC 2616, http://www.w3.org/Protocols/rfc2616/rfc2616.html, June 1999.
[Gra07] Robert Graham. SideJacking with Hamster. [online], http://erratasec.blogspot.com/2007/08/sidejacking-with-hamster_05.html (02/02/10), August 2007.
[JKK06] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. Preventing cross site request forgery attacks. In Proceedings of the IEEE International Conference on Security and Privacy for Emerging Areas in Communication Networks (Securecomm 2006), 2006.
[Joh06] Martin Johns. SessionSafe: Implementing XSS Immune Session Handling. In Dieter Gollmann, Jan Meier, and Andrei Sabelfeld, editors, European Symposium on Research in Computer Security (ESORICS 2006), volume 4189 of LNCS, pages 444–460. Springer, September 2006.
[JW06] Martin Johns and Justus Winter. RequestRodeo: Client Side Protection against Session Riding. In Frank Piessens, editor, OWASP Europe 2006, May 2006.
[Kam09] Samy Kamkar. phpwn: Attack on PHP sessions and random numbers. Security Advisory, http://samy.pl/phpwn/, August 2009.
[KKVJ06] Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic. Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks. In Security Track of the 21st ACM Symposium on Applied Computing (SAC 2006), April 2006.
[Kle04] Amit Klein. "Divide and Conquer" - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics. Whitepaper, Sanctum Inc., http://packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf, March 2004.
[KM00] D. Kristol and L. Montulli. HTTP State Management Mechanism. RFC 2965, http://www.ietf.org/rfc/rfc2965.txt, October 2000.
[Kol02] Mitja Kolsek. Session Fixation Vulnerability in Web-based Applications. Whitepaper, Acros Security, http://www.acrossecurity.com/papers/session_fixation.pdf, December 2002.
[(OW09] The Open Web Application Security Project (OWASP). Session Fixation. TechNote, http://www.owasp.org/index.php/Session_Fixation, February 2009.
[OWA08] OWASP German Chapter. OWASP Best Practices: Use of Web Application Firewalls. Whitepaper, http://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls, July 2008.
[Rud01] Jesse Ruderman. The Same Origin Policy. [online], http://www.mozilla.org/projects/security/components/same-origin.html (01/10/06), August 2001.
[Sec09] SecurityFocus. Ruby on Rails 'redirect_to' HTTP Header Injection Vulnerability. TechNote, http://www.securityfocus.com/bid/32359, December 2009.
[Top01] Jochen Topf. The HTML Form Protocol Attack. TechNote, http://www.remote.org/jochen/sec/hfpa/hfpa.pdf, August 2001.
[(WA10] The Web Application Security Consortium (WASC). Session Fixation. TechNote, http://projects.webappsec.org/Session-Fixation, January 2010.
[Web08] Heiko Webers. Header Injection And Response Splitting. TechNote, http://www.rorsecurity.info/journal/2008/10/20/header-injection-and-response-splitting.html, October 2008.
[Zal06] Michal Zalewski. Cross Site Cooking. Whitepaper, http://www.
