[1] M. Almgren, H. Debar, and M. Dacier. A Lightweight Tool for Detecting Web Server Attacks. In ISOC Symposium on Network and Distributed Systems Security (NDSS), 2000.
[2] HTMLParser. http://htmlparser.sourceforge.net/, 2006.
[3] Y.-W. Huang, S.-K. Huang, and T.-P. Lin. Web Application Security Assessment by Fault Injection and Behavior Monitoring. In 12th International World Wide Web Conference (WWW), 2003.
[4] Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee, and S.-Y. Kuo. Securing Web Application Code by Static Analysis and Runtime Protection. In 13th International World Wide Web Conference (WWW), 2004.
[5] Java Q & A - Session State in the Client Tier. http://java.sun.com/blueprints/qanda/client_tier/session_state.html, 2006.
[6] N. Jovanovic, E. Kirda, and C. Kruegel. Preventing Cross Site Request Forgery Attacks. Technical report.
[7] N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In IEEE Symposium on Security and Privacy, 2006.
[8] E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks. In 21st ACM Symposium on Applied Computing (SAC), 2006.
[9] C. Kruegel and G. Vigna. Anomaly Detection of Web-based Attacks. In 10th ACM Conference on Computer and Communications Security (CCS), 2003.
[10] M. Johns and J. Winter. RequestRodeo: Client Side Protection against Session Riding. In OWASP AppSec 2006 Europe, 2006.
[11] ModSecurity. http://www.modsecurity.org/.
[12] Persistent Client State: HTTP Cookies. http://wp.netscape.com/newsref/std/cookie_spec.html, 1999.
[13] PHP: Hypertext Preprocessor. http://www.php.net.
[14] PHP Manual. http://www.php.net/manual/en.
[15] PHP Session Security. http://www.webkreator.com/php/configuration/php-session-security.html, 2002.
[16] T. Pietraszek and C. V. Berghe. Defending against Injection Attacks through Context-Sensitive String Evaluation. In Recent Advances in Intrusion Detection (RAID), 2005.
[17] RFC 2616, Security Considerations. http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html, 1999.
[18] T. Schreiber. Session Riding: A Widespread Vulnerability in Today's Web Applications. http://www.securenet.de/papers/Session_Riding.pdf, 2001.
[19] D. Scott and R. Sharp. Abstracting Application-Level Web Security. In 11th International World Wide Web Conference (WWW), 2002.
[20] C. Shiflett. Foiling Cross-Site Attacks. http://www.securityfocus.com/archive/1/191390, 2001.
[21] C. Shiflett. PHP Security. In O'Reilly Open Source Convention, 2004.
[22] SourceForge. http://sourceforge.net/, 2006.
[23] P. W. Cross-Site Request Forgeries. http://www.securityfocus.com/archive/1/191390, 2001.
[24] L. Wall, T. Christiansen, R. Schwartz, and S. Potter. Programming Perl (2nd ed.). O'Reilly & Associates, Inc., 1996.