Notice of Retraction: A static analysis tool for detecting web application injection vulnerabilities for ASP program

2010 2nd International Conference on E-Business and Information System Security, EBISS2010

Volumn , Issue , 2010, Pages 116-120

  Zhang, Xin Hua ^a   Wang, Zhi Jian ^a  

^a HOHAI UNIVERSITY   (China)

Author keywords

Code review; Component; SQL injection; Taint trace; WebApp vulnerability; XSS

Indexed keywords

APPLICATION PROGRAMS; DATA FLOW ANALYSIS; ELECTRONIC COMMERCE; FLOW GRAPHS; INFORMATION SYSTEMS; INFORMATION USE; NETWORK SECURITY;

CODE REVIEW; COMPONENT; SQL INJECTION; TAINT TRACE; WEBAPP VULNERABILITY;

STATIC ANALYSIS;

EID: 77954350476     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/EBISS.2010.5473561     Document Type: TB

References (13)

1. Steve Christey, Robert A. Martin. Vulnerability Type Distributions in CVE.[EB/OL].2007:V1.1, (2007-5-22). http://cwe.mitre.org/documents/vuln-trends. html
2. Gray McGraw. Software Security. IEEE Secruity & Privacy[J]. March-April 2004,2(2):80-83
3. THE TEN MOST CRITICAL WEB APPLICATION SECURITY VULNERABILITIES[EB/OL]. http:// http://www.owasp.org/
4. J. Allen. Perl Version 5.8.8 Documentation - Perlsec. http://perldoc.perl.org/perlsec.pdf, 2006.
5. V. Haldar, D. Chandra, and M. Franz. Dynamic Taint Propagation for Java. In Twenty-First Annual Computer Security Applications Conference (ACSAC), 2005.
6. A. Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically Hardening Web Applications Using Precise Tainting. In 20th IFIP International Information Security Conference, Makuhari-Messe, Chiba, Japan, 05 06 2005.
7. R Sekar. An Efficient Black-box Technique for Defeating Web Application Attacks. 16th Annual Network & Distributedprecise tainting. 20th IFIP International Information Secu-System Security Symposium, 2009.
8. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Proceeding of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2007.
9. E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: a client-side solution for mitigating cross-site scripting attacks. In Proceedings of the 2006 ACM symposium on Applied computing, 2006.
10. Yacin Nadji, Prateek Saxena, DawnSong. Document Structure Integrity: ARobust BasisforCross-siteScripting Defense. 16th Annual Network & Distributedprecise tainting. 20th IFIP International Information Secu-System Security Symposium, 2009
11. N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A Static Analysis Tool for DetectingWeb Application Vulnerabilities (Short Paper). In IEEE Symposium on Security and Privacy, 2006.
12. Xia Yiming. Security Vulnerability Detection Study Based on Static Analysis[J]. Computer Science, 2006, 33(10): 279-283.(in Chinese)
13. R. Hansen. Xss cheat sheet[EB/OL]. http://ha.ckers.org/xss.html.