References9
[1] Bugzilla. http://www.bugzilla,org/.
[2] HotCRP. http://www.cs.ucla.edu/˜kohler/hotcrp/
index.html/.
[3] OWASP: Top 10 2007. http://www.owasp.org/index.php/
Top_10_2007.
[4] E. Athanasopoulos, V. Pappas, and E.
Markatos. Code injection attacks
in browsers supporting policies. In Proceedings of Web 2.0 Security and
Privacy 2009, 2009.
[5] P. Bisht and V. N. Venkatakrishnan. Xss-guard: Precise
dynamic prevention
of cross-site scripting attacks. In Proceedings of the 5th international
conference on Detection of Intrusions and Malware, and
Vulnerability Assessment,
DIMVA ’08, pages 23–43, Berlin,
Heidelberg,
2008. Springer-
Verlag.
[6] F. Buclin. Bugzilla usage world wide. http://lpsolit.
wordpress.com/bugzilla-usage-worldwide/.
[7] Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee, and
S.-Y. Kuo. Securing
web application code by static analysis and runtime
protection. In Proceedings
of the 13th international conference on World Wide Web, WWW
’04, pages 40–52, New
York, NY, USA, 2004. ACM.
[8] T. Jim, N. Swamy, and
M. Hicks. Beep: Browser-enforced embedded policies.
16th International World World Web Conference, 2007.
[9] B. Livshits and M. S. Lam. Finding security errors in
Java programs with
static analysis. In Proceedings
of the Usenix Security Symposium, 2005.
[10] B. Livshits, M. Martin, and M. S. Lam. SecuriFly:
Runtime protection and
recovery from Web application vulnerabilities. Technical
report, Stanford
University, Sept. 2006.
[11] B. Livshits and U´ lfar Erlingsson. Using web
application construction
frameworks to protect against code injection attacks. In Proceedings of
the 2007 workshop on Programming languages and analysis
for security.
[12] L. Meyerovich and B. Livshits. ConScript: Specifying
and enforcing finegrained
security policies for JavaScript in the browser. In IEEE Symposium
on Security and Privacy,
May 2010.
[13] Y. Nadji, P. Saxena, and D. Song. Document structure
integrity: A robust
basis for cross-site scripting defense. Proceedings of the 16th Network and
Distributed System Security Symposium, 2009.
[14] P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant,
and D. Song. A
symbolic execution framework for javascript. In Proceedings of the 2010
IEEE Symposium on Security and Privacy, SP ’10, pages 513–528, Washington,
DC, USA,
2010. IEEE Computer Society.
[15] P. Saxena, S. Hanna, P. Poosankam, and D. Song. FLAX:
Systematic discovery
of client-side validation vulnerabilities in rich web
applications. In
Network & Distributed System Security Symposium,
(NDSS), 2010.
[16] P. Saxena, D. Molnar, and B. Livshits. Scriptgard:
Preventing script injection
attacks in legacy web applications with automatic
sanitization. Technical
report, Microsoft Research, September 2010.
[17] S. Stamm. Content security policy, 2009.
[18] S. Stamm, B. Sterne, and G. Markham. Reining in the
web with content
security policy. In Proceedings
of the 19th international conference on
World wide web, WWW
’10, pages 921–930, New York,
NY, USA,
2010.
ACM.
[19] Z. Su and G. Wassermann. The essence of command
injection attacks in
web applications. 2006.
[20] Template Toolkit. http://template-toolkit.org.
[21] Ter Louw, Mike and V.N. Venkatakrishnan. BluePrint:
Robust Prevention
of Cross-site Scripting Attacks for Existing Browsers. In Proceedings of
the IEEE Symposium on Security and Privacy, 2009.
[22] TNW: The Next Web. YouTube hacked, Justin Bieber
videos targeted.
http://thenextweb.com/socialmedia/2010/07/04/
youtube-hacked-justin-bieber-videos-targeted/.
[23] G. Wassermann and Z. Su. Sound and precise analysis of
web applications
for injection vulnerabilities. In Proceedings of the ACM SIGPLAN conference
on Programming language design and implementation, pages 32–41,
New York, NY, USA,
2007. ACM.
[24] G. Wassermann, D. Yu, A. Chander, D. Dhurjati, H.
Inamura, and Z. Su.
Dynamic test input generation for web applications. In Proceedings of the
International symposium on Software testing and
analysis, 2008.
[25] J. Weinberger, P. Saxena, D. Akhawe, M. Finifter, R.
Shin, and D. Song. A
systematic analysis of xss sanitization in web application
frameworks. In
Proceedings of 16th European Symposium on Research in
Computer Security
(ESORICS), 2011.
[26] WhiteHat Security. WhiteHat Webinar: Fall 2010 Website
Statistics
Report. http://www.whitehatsec.com/home/resource/
presentation.html.
[27] Y. Xie and A. Aiken. Static detection of security
vulnerabilities in scripting
languages. In Proceedings
of the Usenix Security Symposium, 2006.
[28] W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy
enforcement: A
practical approach to defeat a wide range of attacks. In Proceedings of the
15th USENIX Security Symposium, pages 121–136, 2006.
No comments:
Post a Comment