Pixy: a static analysis tool for detecting Web application vulnerabilities

Authors: N. Jovanovic, C. Kruegel, E. Kirda

DOI: 10.1109/SP.2006.29

Keywords:

Abstract: … vulnerabilities in PHP scripts. Using our tool, we discovered and reported 15 previously unknown vulnerabilities in three Web applications, and reconstructed 36 known vulnerabilities in …

References (17)
Alex Aiken, Yichen Xie. Static detection of security vulnerabilities in scripting languages. USENIX Security Symposium, pp. 13- (2006).
Ravi Sethi, Jeffrey D. Ullman, Alfred V. Aho. Compilers: Principles, Techniques, and Tools (1986).
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans. Automatically Hardening Web Applications Using Precise Tainting. Information Security Conference, pp. 295-307 (2004). DOI: 10.1007/0-387-25660-1_20
Flemming Nielson, Chris Hankin, Hanne R. Nielson. Principles of program analysis (1999).
David Wagner, Kunal Talwar, Jeffrey S. Foster, Umesh Shankar. Detecting format string vulnerabilities with type qualifiers. USENIX Security Symposium, pp. 16-16 (2001).
K. Ashcraft, D. Engler. Using programmer-written compiler extensions to catch security holes. IEEE Symposium on Security and Privacy, pp. 143-159 (2002). DOI: 10.1109/SECPRI.2002.1004368
Jeffrey S. Foster, Manuel Fähndrich, Alexander Aiken. A theory of type qualifiers. Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation - PLDI '99, vol. 34, pp. 192-203 (1999). DOI: 10.1145/301618.301665
Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo. Securing web application code by static analysis and runtime protection. Proceedings of the 13th conference on World Wide Web - WWW '04, pp. 40-52 (2004). DOI: 10.1145/988672.988679
Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, Chung-Hung Tsai. Web application security assessment by fault injection and behavior monitoring. Proceedings of the twelfth international conference on World Wide Web - WWW '03, pp. 148-159 (2003). DOI: 10.1145/775152.775174
Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, Benjamin Chelf. Bugs as deviant behavior: a general approach to inferring errors in systems code. Symposium on Operating Systems Principles, vol. 35, pp. 57-72 (2001). DOI: 10.1145/502034.502041