SCOPUS 정보 검색 플랫폼

Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems, SESS 2009

Volumn , Issue , 2009, Pages 25-32

A hybrid analysis framework for detecting web application vulnerabilities

(3) Monga, Mattia a Paleari, Roberto a Passerini, Emanuele a

a UNIVERSITY OF MILAN (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

BYTECODES; DYNAMIC MONITORING; HYBRID ANALYSIS; OUTPUT FUNCTIONS; PROGRAM ANALYSIS; RUNTIMES; SENSITIVE DATAS; STATIC AND DYNAMIC APPROACH; WEB APPLICATION; WEB APPLICATION VULNERABILITY;

COMPUTER SOFTWARE; PHASE INTERFACES; WORLD WIDE WEB;

DYNAMIC ANALYSIS;

EID: 70349923612 PISSN: None EISSN: None Source Type: Conference Proceeding
DOI: 10.1109/IWSESS.2009.5068455 Document Type: Conference Paper

Times cited : (24)

References (20)

1
- 33846012075
- A. V. Aho, R. Sethi, and J. D. Ullman. Compilers, Addison-Wesley
- A. V. Aho, R. Sethi, and J. D. Ullman. Compilers, Principles, Techniques, and Tools. Addison-Wesley, 1986.
- (1986) Principles, Techniques, and Tools

2
- 84976844361
- Control Flow Analysis
- F. E. Allen. Control Flow Analysis. SIGPLAN Notices, 5, 1970.
- (1970) SIGPLAN Notices , vol.5
- Allen, F.E.¹

3
- 50249115131
- Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
- Oakland, CA, May
- D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2008.
- (2008) Proceedings of the IEEE Symposium on Security and Privacy
- Balzarotti, D.¹ Cova, M.² Felmetsger, V.³ Jovanovic, N.⁴ Kirda, E.⁵ Kruegel, C.⁶ Vigna, G.⁷

4
- 49949091963
- CERT
- CERT. Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests, 2002.
- (2002) Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests

5
- 51849162672
- Vulnerability Analysis of Web Applications
- L. Baresi and E. Di Nitto, editors, Springer
- M. Cova, V. Felmetsger, and G. Vigna. Vulnerability Analysis of Web Applications. In L. Baresi and E. Di Nitto, editors, Testing and Analysis of Web Services. Springer, 2007.
- (2007) Testing and Analysis of Web Services
- Cova, M.¹ Felmetsger, V.² Vigna, G.³

6
- 1542595877
- Static and Dynamic Analysis: Synergy and Duality
- Portland, OR, May 9
- M. D. Ernst. Static and Dynamic Analysis: Synergy and Duality. In WODA 2003: ICSE Workshop on Dynamic Analysis, Portland, OR, May 9, 2003.
- (2003) WODA 2003: ICSE Workshop on Dynamic Analysis
- Ernst, M.D.¹

7
- 57449112285
- A dynamic technique for enhancing the security and privacy of web applications
- A. Futoransky, E. Gutesman, and A. Waissbein. A dynamic technique for enhancing the security and privacy of web applications. In Black Hat USA, 2007.
- (2007) Black Hat USA
- Futoransky, A.¹ Gutesman, E.² Waissbein, A.³

8
- 40449116802
- A Classification of SQL-Injection Attacks and Countermeasures
- Arlington, VA, USA, March
- W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, March 2006.
- (2006) Proceedings of the IEEE International Symposium on Secure Software Engineering
- Halfond, W.G.¹ Viegas, J.² Orso, A.³

9
- 84956630483
- Interprocedural Slicing Using Dependence Graphs
- New York, NY, USA, ACM Press
- S. Horwitz, T. Reps, and D. Binkley. Interprocedural Slicing Using Dependence Graphs. In PLDI '88: Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation, New York, NY, USA, 1988. ACM Press.
- (1988) PLDI '88: Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
- Horwitz, S.¹ Reps, T.² Binkley, D.³

10
- 19944365247
- Securing web application code by static analysis and runtime protection
- ACM
- Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee, and S.-Y. Kuo. Securing web application code by static analysis and runtime protection. In Proceedings of the 13th international conference on World Wide Web. ACM, 2004.
- (2004) Proceedings of the 13th international conference on World Wide Web
- Huang, Y.-W.¹ Yu, F.² Hang, C.³ Tsai, C.-H.⁴ Lee, D.-T.⁵ Kuo, S.-Y.⁶

11
- 33745934031
- Precise alias analysis for static detection of web application vulnerabilities
- New York, NY, USA, ACM
- N. Jovanovic, C. Kruegel, and E. Kirda. Precise alias analysis for static detection of web application vulnerabilities. In Proceedings of the 2006 workshop on Programming languages and analysis for security, New York, NY, USA, 2006. ACM.
- (2006) Proceedings of the 2006 workshop on Programming languages and analysis for security
- Jovanovic, N.¹ Kruegel, C.² Kirda, E.³

12
- 33751027156
- Pixy: A static analysis tool for detecting web application vulnerabilities (short paper)
- IEEE Computer Society
- N. Jovanovic, C. Krügel, and E. Kirda. Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In IEEE Symposium on Security and Privacy. IEEE Computer Society, 2006.
- (2006) IEEE Symposium on Security and Privacy
- Jovanovic, N.¹ Krügel, C.² Kirda, E.³

13
- 84871349041
- A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically hardening web applications using precise tainting. In In 20th IFIP International Information Security Conference, 2005.
- A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically hardening web applications using precise tainting. In In 20th IFIP International Information Security Conference, 2005.

14
- 0003818126
- Springer-Verlag
- F. Nielson, H. R. Nielson, and C. L. Hankin. Principles of Program Analysis. Springer-Verlag, 1999.
- (1999) Principles of Program Analysis
- Nielson, F.¹ Nielson, H.R.² Hankin, C.L.³

15
- 70349912314
- Perl documentation. perlsec. http://perldoc.perl.org/perlsec.html.
- Perl documentation. perlsec

16
- 33745933622
- Defending against injection attacks through context-sensitive string evaluation
- T. Pietraszek and C. V. Berghe. Defending against injection attacks through context-sensitive string evaluation. In In Recent Advances in Intrusion Detection (RAID), 2005.
- (2005) In Recent Advances in Intrusion Detection (RAID)
- Pietraszek, T.¹ Berghe, C.V.²

17
- 70349941162
- Symantec Inc
- Symantec Inc, Technical report, apr
- Symantec Inc. Symantec internet security threat report: Volume XIII. Technical report, Symantec Inc., apr 2008.
- (2008) Symantec internet security threat report: Volume XIII

18
- 35449004893
- Sound and precise analysis of web applications for injection vulnerabilities
- New York, NY, USA, ACM
- G. Wassermann and Z. Su. Sound and precise analysis of web applications for injection vulnerabilities. In Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation, New York, NY, USA, 2007. ACM.
- (2007) Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
- Wassermann, G.¹ Su, Z.²

19
- 85050273691
- Program slicing
- Piscataway, NJ, USA, IEEE Press
- M. Weiser. Program slicing. In ICSE '81: Proceedings of the 5th International Conference on Software engineering, Piscataway, NJ, USA, 1981. IEEE Press.
- (1981) ICSE '81: Proceedings of the 5th International Conference on Software engineering
- Weiser, M.¹

20
- 84910681237
- Static detection of security vulnerabilities in scripting languages
- Berkeley, CA, USA, USENIX Association
- Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In Proceedings of the 15th conference on USENIX Security Symposium, Berkeley, CA, USA, 2006. USENIX Association.
- (2006) Proceedings of the 15th conference on USENIX Security Symposium
- Xie, Y.¹ Aiken, A.²

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.