JoanAudit: a tool for auditing common injection vulnerabilities

Authors: Julian Thomé, Lwin Khin Shar, Domenico Bianculli, Lionel C. Briand

DOI: 10.1145/3106237.3122822

Keywords: Audit, Computer security, Static analysis, Code (cryptography), Engineering, Source code, Software development, Web application, Web service, Secure coding

Abstract: … of sanitization — by using standard sanitization procedures. Our evaluation shows that by using … , security auditors are required to inspect only 1% of the total code for auditing common …

References (43)
Zhao Tao. Detection and Service Security Mechanism of XML Injection Attacks. Communications in Computer and Information Science, pp. 67-75 (2013). DOI: 10.1007/978-3-642-53703-5_8
Pablo Martín Pérez, Joanna Filipiak, José María Sierra. LAPSE+ Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications. Springer, Berlin, Heidelberg, pp. 148-156 (2011). DOI: 10.1007/978-3-642-22333-4_17
V. Benjamin Livshits, Monica S. Lam. Finding security vulnerabilities in Java applications with static analysis. USENIX Security Symposium, pp. 18-18 (2005).
Ganeshan Jayaraman, Venkatesh Prasad Ranganath, John Hatcliff. Kaveri: Delivering the Indus Java Program Slicer to Eclipse. Fundamental Approaches to Software Engineering, pp. 269-272 (2005). DOI: 10.1007/978-3-540-31984-9_20
Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot, Salvatore Guarnieri. ANDROMEDA: accurate and scalable security analysis of web applications. Fundamental Approaches to Software Engineering, vol. 7793, pp. 210-225 (2013). DOI: 10.1007/978-3-642-37057-1_15
Wei Huang, Yao Dong, Ana Milanova. Type-Based Taint Analysis for Java Web Applications. Fundamental Approaches to Software Engineering, pp. 140-154 (2014). DOI: 10.1007/978-3-642-54804-8_10
Christian Mainka, Meiko Jensen, Luigi Lo Iacono, Jörg Schwenk. Making XML Signatures Immune to XML Signature Wrapping Attacks. International Conference on Cloud Computing and Services Science, pp. 151-167 (2012). DOI: 10.1007/978-3-319-04519-1_10
Fang Yu, Muath Alkhalaf, Tevfik Bultan. STRANGER: an automata-based string analysis tool for PHP. Tools and Algorithms for Construction and Analysis of Systems, pp. 154-157 (2010). DOI: 10.1007/978-3-642-12002-2_13
Abdul Razzaq, Khalid Latif, H Farooq Ahmad, Ali Hur, Zahid Anwar, Peter Charles Bloodsworth. Semantic security against web application attacks. Information Sciences, vol. 254, pp. 19-38 (2014). DOI: 10.1016/J.INS.2013.08.007
David Hovemeyer, William Pugh. Finding bugs is easy. Conference on Object-Oriented Programming Systems, Languages, and Applications, pp. 132-136 (2004). DOI: 10.1145/1028664.1028717