| 2007 |
| Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis |
Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Christopher Kruegel, Engin Kirda, Giovanni Vigna |
NDSS |
| Defeating Script Injection Attacks with Browser-Enforced Embedded Policies |
Trevor Jim, Nikhil Swamy, Michael Hicks |
WWW |
| Sound and Precise Analysis of Web Applications for Injection Vulnerabilities |
Gary Wassermann, Zhendong Su |
PLDI |
| 2006 |
| A Crawler-Based Study of Spyware on the Web |
Alexander Moshchuk, Tanya Bragin, Steve Gribble, Henry Levy |
NDSS |
| A Safety-Oriented Platform for Web Applications |
Richard Cox, Jacob Hansen, Steve Gribble, Henry Levy |
IEEE S&P |
| Behavior-based Spyware Detection |
Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, Richard Kemmerer |
Usenix |
| BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML |
Charles Reis, John Dunagan, Helen Wang, Opher Dubrovsky, Saher Esmeir |
OSDI |
| Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks |
Engin Kirda, Christopher Kruegel, Giovanni Vigna, Nenad Jovanovic |
SAC |
| Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities |
Nenad Jovanovic, Christopher Kruegel, Engin Kirda |
IEEE S&P |
| Preventing Cross Site Request Forgery Attacks |
Nenad Jovanovic, Engin Kirda, Christopher Kruegel |
SecurComm |
| Static Analysis for Java Servlets and JSP |
Christian Kirkegaard, Anders Moeller |
SAS |
| Static Detection of Injection Vulnerabilities in Scripting Languages |
Yichen Xie, Alex Aiken |
Usenix |
| The Essence of Command Injection Attacks in Web Applications |
Zhendong Su, Gary Wassermann |
POPL |
| Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks |
William Halfond, Alex Orso, Panagiotis Manolios |
FSE |
| 2005 |
| A Learning-Based Approach to the Detection of SQL Attacks |
Fredrik Valeur, Darren Mutz, Giovanni Vigna |
DIMVA |
| AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks |
William Halfond, Alex Orso |
ASE |
| Automatically Hardening Web Applications Using Precise Tainting |
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans |
SEC |
| Defending against Injection Attacks through Context-Sensitive String Evaluation |
Tadeusz Pietraszek, Chris Vanden Berghe |
RAID |
| Detecting Malicious JavaScript Code in Mozilla |
Oystein Hallaraker, Giovanni Vigna |
ICECCS |
| Finding Application Errors and Security Flaws Using PQL: a Program Query Language |
Michael Martin, Benjamin Livshits, Monica Lam |
OOPSLA |
| Finding Security Vulnerabilities in Java Applications with Static Analysis |
Benjamin Livshits, Monica Lam |
Usenix |
| Static Approximation of Dynamically Generated Web Pages |
Yasuhiko Minamide |
WWW |
| 2004 |
| A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerability |
Omar Ismail, Masashi Etoh, Youki Kadobayashi, Suguru Yamaguchi |
AINA |
| An Analysis Framework for Security in Web Applications |
Gary Wassermann, Zhendong Su |
SAVCBS |
| Identifying Cross Site Scripting Vulnerabilities in Web Applications |
Giuseppe Di Lucca, Anna Fasolino, M. Mastroianni, Porfirio Tramontana |
WSE |
| SQLrand: Preventing SQL Injection Attacks |
Stephen Boyd, Angelos Keromytis |
ACNS |
| Securing Web Application Code by Static Analysis and Runtime Protection |
Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo |
WWW |
| Static Checking of Dynamically Generated Queries in Database Applications |
Carl Gould, Zhendong Su, Prem Devanbu |
ICSE |
| Using a SQL Coverage Measurement for Testing Database Applications |
Maria Jose Suarez-Cabal, Javier Tuya |
FSE |
| 2003 |
| Anomaly Detection of Web-based Attacks |
Christopher Kruegel, Giovanni Vigna |
CCS |
| Precise Analysis of String Expressions |
Aske Simon Christensen, Anders Moeller, Michael Schwarzbach |
SAS |