Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers

Authors: Cristian-Alexandru Staicu, Michael Pradel

DOI:

Keywords:

Abstract:

References (26)
Scott A. Crosby, Dan S. Wallach. Denial of service via algorithmic complexity attacks. USENIX Security Symposium, pp. 3-3 (2003).
Christian Hammer, Jan Vitek, Brian Burg, Gregor Richards. The eval that men do: A large-scale study of the use of eval in JavaScript applications. European Conference on Object-Oriented Programming, pp. 52-78 (2011). DOI: 10.5555/2032497.2032503
Michael Pradel, Parker Schuh, George Necula, Koushik Sen. EventBreak: analyzing the responsiveness of user interfaces through performance-guided test generation. Conference on Object-Oriented Programming Systems, Languages, and Applications, vol. 49, pp. 33-47 (2014). DOI: 10.1145/2660193.2660233
M. Shahbaz, P. McMinn, M. Stevenson. Automated Discovery of Valid Test Strings from the Web Using Dynamic Regular Expressions Collation and Natural Language Processing. International Conference on Quality Software, pp. 79-88 (2012). DOI: 10.1109/QSIC.2012.15
Ken Thompson. Programming Techniques: Regular expression search algorithm. Communications of the ACM, vol. 11, pp. 419-422 (1968). DOI: 10.1145/363347.363387
Simon Holm Jensen, Manu Sridharan, Koushik Sen, Satish Chandra. MemInsight: platform-independent memory debugging for JavaScript. Foundations of Software Engineering, pp. 345-356 (2015). DOI: 10.1145/2786805.2786860
Heqing Huang, Sencun Zhu, Kai Chen, Peng Liu. From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App. Computer and Communications Security, pp. 1236-1247 (2015). DOI: 10.1145/2810103.2813606
Michael Pradel, Markus Huggler, Thomas R. Gross. Performance regression testing of concurrent classes. Proceedings of the 2014 International Symposium on Software Testing and Analysis - ISSTA 2014, pp. 13-25 (2014). DOI: 10.1145/2610384.2610393
Margus Veanes, Peli de Halleux, Nikolai Tillmann. Rex: Symbolic Regular Expression Explorer. International Conference on Software Testing, Verification, and Validation, pp. 498-507 (2010). DOI: 10.1109/ICST.2010.15
Jacob Burnim, Sudeep Juvekar, Koushik Sen. WISE: Automated test generation for worst-case complexity. International Conference on Software Engineering, pp. 463-473 (2009). DOI: 10.1109/ICSE.2009.5070545