References10
[1]
Phishmarkt :: de. http://baseportal.com/
baseportal/phishmarkt/de,
2006.
[2]
Phishmarkt :: at. http://baseportal.com/
baseportal/phishmarkt/at,
2007.
[3]
A. Soulard, P. Gieling, M. Hercelin and J. Boulmont.
@lex
Guestbook. http://www.alexguestbook.
net,
2008.
[4]
Acunetix. Acunetix Web Vulnerability Scanner. http:
//www.acunetix.com/,
2008.
[5]
B. (BK) Rios. Google XSS. http://xs-sniper.com/
blog/2008/04/14/google-xss/,
2008.
[6]
D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic,
E.
Kirda, C. Kruegel, and G. Vigna. Saner: Composing
Static
and Dynamic Analysis to Validate Sanitization inWeb
Applications.
In IEEE Security and Privacy Symposium,
2008.
[7]
CERT. Advisory CA-2000-02: Malicious HTML Tags Embedded
in
Client Web Requests. http://www.cert.
org/advisories/CA-2000-02.html,
2000.
[8]
D. Endler. The Evolution of Cross Site Scripting Attacks.
Technical
report, iDEFENSE Labs, 2002.
[9]
M. V. Gundy and H. Chen. Noncespaces: Using randomization
to
enforce information flow tracking and thwart crosssite
scripting
attacks. In Proceedings of the 16th Annual Network
and
Distributed System Security Symposium (NDSS),
2009.
[10]
O. Hallaraker and G. Vigna. Detecting Malicious JavaScript
Code
in Mozilla. In Proceedings of the IEEE International
Conference
on Engineering of Complex Computer Systems
(ICECCS),
2005.
[11]
N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A Static
Analysis
Tool for DetectingWeb Application Vulnerabilities
(Short
Paper). In IEEE Symposium on Security and Privacy,
2006.
[12]
S. Kals, E. Kirda, C. Kruegel, and N. Jovanovic. SecuBat: A
Web
Vulnerability Scanner. In World Wide Web Conference,
2006.
[13]
E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes:
A
client-side solution for mitigating cross-site scripting attacks.
In
21st ACM Symposium on Applied Computing
(SAC),
2006.
[14]
G. D. Lucca, A.
Fasolino, M. Mastoianni, and P. Tramontana.
Identifying
cross site scripting vulnerabilities in web
applications.
In Sixth IEEE International Workshop on Web
Site
Evolution (WSE), 2004.
[15]
M. Wagner. phpstats 0.1 alpha. http://www.
michael-wagner.de/software/phpstats/,
2008.
[16]
S. McAllister, E. Kirda, and C. Kruegel. Expanding human
interactions
for in-depth testing of web applications. In
11th
Symposium on Recent Advances in Intrusion Detection
(RAID),
2008.
[17]
NIST National Vulnerability Database. CVE-2002-
0902:
Cross-site scripting vulnerability in phpBB 2.0.0.
http://nvd.nist.gov/nvd.cfm?cvename=
CVE-2002-0902,
2002.
[18]
NIST National Vulnerability Database. CVE-2008-0125:
Cross-site
scripting (XSS) vulnerability in phpstats.php.
http://nvd.nist.gov/nvd.cfm?cvename=
CVE-2008-0125,
2008.
[19]
OWASP. OWASP Top Ten. http://www.owasp.
org/index.php/Category:OWASP_Top_Ten_
Project,
2007.
[20]
phpBB. phpBB web forum software. http://www.
phpbb.com,
2008.
[21]
PortSwigger. Burp Suite. http://portswigger.
net/suite/,
2008.
[22]
RSnake. XSS Cheat Sheet. http://ha.ckers.org/
xss.html,
2008.
[23]
D. Scott and R. Sharp. Abstracting Application-level Web
Security.
In 11th World Wide Web Conference, 2002.
[24]
SecurityFocus. @lex Guestbook Multiple Cross-Site Scripting
Vulnerabilities.
http://www.securityfocus.
com/bid/28519/,
2008.
[25]
Z. Su and G.Wassermann. The Essence of Command Injection
Attacks
in Web Applications. In Symposium on Principles
of
Programming Languages, 2006.
[26]
T. Jim and N. Swamy and M. Hicks. BEEP: Browser-
Enforced
Embedded Policies. In 16th International World
Wide
Web Conference (WWW2007), Banff,
2007.
[27]
P. Vogt, F. Nentwich, N. Jovanovic, C.
Kruegel, E. Kirda,
and
G. Vigna. Cross site scripting prevention with dynamic
data
tainting and static analysis. In 14th Annual Network
and
Distributed System Security Symposium (NDSS), 2007.
[28]
Web Application Attack and Audit Framework. http://
w3af.sourceforge.net/.
[29]
WhiteHat Security. Website Security Statistics Report.
http://www.whitehatsec.com/home/
resource/stats.html,
2008.
[30]
Y. Xie and A. Aiken. Static Detection of Security Vulnerabilities
in
Scripting Languages. In 15th USENIX Security
Symposium, 2006.
No comments:
Post a Comment