25 million flows later: large-scale detection of DOM-based XSS

Authors: Sebastian Lekies, Ben Stock, Martin Johns

DOI: 10.1145/2508859.2516703

Keywords: JavaScript engine, Scripting language, World Wide Web, Scale (map), Cross-site scripting, JavaScript, Database, Computer science, Exploit

Abstract: … detect and validate DOM-based XSS vulnerabilities, consisting of a taint-aware JavaScript engine and corresponding DOM … examined sites carry at least one DOM-based XSS problem. …
