REFERENCES7
[1] Tim
Berners-Lee and Dan Connolly. Hypertext
Markup
Language - 2.0. IETF RFC 1866, November
1995.
[2] Steve
Christey and Robert A. Martin. Vulnerability
type
distributions in cve, 2007.
http://cwe.mitre.org/documents/vuln-trends/.
[3] Douglas
Crockford. ADsafe.
[4]
Facebook. Fbjs. http:
//wiki.developers.facebook.com/index.php/FBJS.
[5] David
Flanagan. JavaScript: The De_nitive Guide,
chapter 20.4
The Data-Tainting Security Model.
O'Reilly
& Associates, Inc., second edition, January
1997.
[6] Google.
Caja: A source-to-source translator for
securing
JavaScript-based web content.
http://code.google.com/p/google-caja/.
[7] Google.
V8 benchmark suite. http://v8.googlecode.
com/svn/data/benchmarks/v5/run.html.
[8] Robert
Hansen. XSS (cross site scripting) cheat sheet.
http://ha.ckers.org/xss.html.
[9] Apple
Inc. Sunspider. http://www2.webkit.org/
perf/sunspider-0.9/sunspider.html.
[10]
Inferno. Exploiting IE8 UTF-7 XSS vulnerability
using local
redirection, May 2009.
http://securethoughts.com/2009/05/
exploiting-ie8-utf-7-xss-vulnerability-using-
local-redirection/.
[11] Engin
Kirda, Christopher Kruegel, Giovanni Vigna,
and Nenad
Jovanovic. Noxes: A client-side solution for
mitigating
cross site scripting attacks. In Proceedings
of the
21st ACM Symposium on Applied Computing
(SAC), 2006.
[12] Eric
Lawrence. IE8 security part VII: Clickjacking
defenses.
http://blogs.msdn.com/ie/archive/2009/01/27/
ie8-security-part-vii-clickjacking-defenses.
aspx.
[13] David
Lindsay et al. Chrome gets XSS _lters,
September
2009.
http://sla.ckers.org/forum/read.php?13,31377.
[14] Giorgio
Maone. NoScript. http://www.noscript.net.
[15] Larry
Masinter. The \data" URL scheme. IETF RFC
2397, August
1998.
[16]
Microsoft. About dynamic properties.
http://msdn.microsoft.com/en-us/library/
ms537634(VS.85).aspx.
[17] Mitre.
CVE-2009-4074.
[18] Eduardo
Vela Nava and David Lindsay. Our favorite
XSS
_lters/IDS and how to attack them, 2009. Black
Hat USA
presentation.
[19]
Jeremias Reith. Internals of noXSS, October 2008.
http://www.noxss.org/wiki/Internals.
[20] David
Ross. IE 8 XSS _lter
architecture/implementation,
August 2008. http:
//blogs.technet.com/srd/archive/2008/08/18/
ie-8-xss-filter-architecture-implementation.
aspx.
[21] Steve.
Preventing frame busting and click jacking,
Februrary
2009.
http://coderrr.wordpress.com/2009/02/13/
preventing-frame-busting-and-click-jacking-
ui-redressing/.
[22] Andrew
van der Stock, Je_ Williams, and Dave
Wichers.
OWASP top 10, 2007.
http://www.owasp.org/index.php/Top_10_2007.
[23] Philipp
Vogt, Florian Nentwich, Nenad Jovanovic,
Engin Kirda,
Christopher Kruegel, and Giovanni
Vigna. Cross
site scripting prevention with dynamic
data
tainting and static analysis. In Proceedings of the
Network
and Distributed System Security Symposium
(NDSS), 2007.
[24] Michal
Zalewski. Browser Security Handbook,
volume 2.
http://code.google.com/p/browsersec/wiki/
Part2#Arbitrary_page_mashups_(UI_redressing).
No comments:
Post a Comment