REFERENCES11
[1] J.
Burke. Jsonrequest, part 2 (cross domain policy for
all). Blog,
March 2006. URL:
http://tagneto.blogspot.com/2006/03/
jsonrequest-part-2-cross-domain-policy.html.
[2] S. Cook.
A web developer’s guide to cross-site
scripting,
January 2003.
http://www.giac.org/practical/GSEC/Steve_Cook_GSEC.
[3] M.
Corporation. Bug 493857: Implement content
security
policy.
https://bugzilla.mozilla.org/show
bug.cgi?id=csp,
May 2009.
[4] M.
Corporation. Content security policy formal
specification.
https://wiki.mozilla.org/Security/CSP/Spec,
May
2009.
[5] D.
Danchev. Mass iframe injectable attacks, March
2008.
http://ddanchev.blogspot.com/2008/03/
massive-iframe-seo-poisoning-attack.html.
[6] J.
Grossman. Whitehat website security statistics
report.
Whitepaper, WhiteHat,
http://www.whitehatsec.com/home/assets/WPstats0808.pdf,
August 2008.
[7] M. V.
Gundy and H. Chen. Noncespaces: Using
randomization
to enforce information flow tracking
and thwart
cross-site scripting attacks. In Proceedings
of the
16th Annual Network and Distributed System
Security
Symposium (NDSS), San Diego,
CA,
Feb. 8-11,
2009.
[8] C.
Jackson, A. Barth, A. Bortz, W. Shao, and
D. Boneh.
Protecting browsers from dns rebinding
attacks. In CCS ’07:
Proceedings of the 14th ACM
conference
on Computer and communications security,
pages
421–431, New York, NY, USA,
2007. ACM.
[9] C.
Jackson, A. Bortz, D. Boneh, and J. C. Mitchell.
Stanford
safecache. http://www.safecache.com.
[10] C.
Jackson, A. Bortz, D. Boneh, and J. C. Mitchell.
Stanford
safehistory. http://www.safehistory.com.
[11] C.
Jackson, A. Bortz, D. Boneh, and J. C. Mitchell.
Protecting
browser state from web privacy attacks. In
WWW ’06:
Proceedings of the 15th international
conference
on World Wide Web, pages 737–744, New
York, NY,
USA, 2006. ACM.
[12] M.
Jakobsson and S. Stamm. Invasive browser sniffing
and
countermeasures. In WWW ’06: Proceedings of
the 15th
international conference on World Wide Web,
pages
523–532, New York, NY, USA,
2006. ACM.
[13] T. Jim,
N. Swamy, and M. Hicks. Defeating script
injection
attacks with browser-enforced embedded
policies. In
WWW ’07: Proceedings of the 16th
international
conference on World Wide Web, pages
601–610, New York, NY,
USA, 2007. ACM.
[14] N.
Jovanovic, E. Kirda, and C. Kruegel. Preventing
cross site
request forgery attacks. In the IEEE
International
Conference on Security and Privacy for
Emerging
Areas in Communication Networks
(Securecomm), pages
1–10, September 2006.
[15] Z. Mao,
N. Li, and I. Molloy. Defeating cross-site
request
forgery attacks with browser-enforced
authenticity
protection. In Financial Cryptography
and Data
Security: 13th International Conference, FC
2009, Accra Beach, Barbados, February 23-26, 2009.
Revised
Selected Papers, pages 238–255, Berlin,
Heidelberg, 2009.
Springer-Verlag.
[16] A.
Moshchuk, T. Bragin, D. Deville, S. D. Gribble,
and H. M.
Levy. Spyproxy: execution-based detection
of malicious
web content. In SS’07: Proceedings of
16th
USENIX Security Symposium on USENIX
Security
Symposium, pages 1–16, Berkeley,
CA, USA,
2007. USENIX
Association.
[17] T. Oda,
G. Wurster, P. V. Oorschot, and A. Somayaji.
Soma: Mutual
approval for included content in web
pages. In CCS’08:
ACM Computer and
Communications
Security, October 2008.
[18] C.
Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and
S. Esmeir.
Browsershield: vulnerability-driven filtering
of dynamic
html. In OSDI ’06: Proceedings of the 7th
symposium
on Operating systems design and
implementation, pages
61–74, Berkeley, CA, USA,
2006. USENIX
Association.
[19] C.
Reis, S. D. Gribble, and H. M. Levy. Architectural
principles
for safe web programs. In Sixth Workshop
on Hot
Topics in Networks (HotNets) 2007, Atlanta,
Georgia, November
2007.
[20] J.
Ruderman. In Mozilla Documentation, August
2001. URL: http://www.mozilla.org/projects/
security/components/same-origin.html.
[21] W3C.
Access control for cross-site requests. Technical
report,
February 2008.
http://www.w3.org/TR/access-control/.
[22] H. J.
Wang, X. Fan, J. Howell, and C. Jackson.
Protection
and communication abstractions for web
browsers in
mashupos. In SOSP ’07: Proceedings of
twenty-first
ACM SIGOPS symposium on Operating
systems
principles, pages 1–16, New York,
NY, USA,
2007. ACM.
No comments:
Post a Comment