메뉴 건너뛰기




Volumn 45, Issue 3, 2012, Pages 55-62

Defending against cross-site scripting attacks

Author keywords

Code vulnerabilities; Cross site scripting (XSS); Secure coding practices; Web applications; Web security

Indexed keywords


EID: 84858250036     PISSN: 00189162     EISSN: None     Source Type: Trade Journal    
DOI: 10.1109/MC.2011.261     Document Type: Review
Times cited : (43)

References (12)
  • 1
    • 84858267784 scopus 로고    scopus 로고
    • Open Web Application Security Project, XSS (Cross-Site Scripting)
    • Open Web Application Security Project, XSS (Cross-Site Scripting), Prevention Cheat Sheet, 2011; https://www.owasp.org/index.php/XSS-(Cross-Site- Scripting)-Prevention-Cheat-Sheet.
    • (2011) Prevention Cheat Sheet
  • 3
    • 77957332722 scopus 로고    scopus 로고
    • Perturbation-based user-input-validation test-ing of web applications
    • Nov.
    • N. Li et al., "Perturbation-Based User-Input-Validation Test-ing of Web Applications," J. Systems and Software, Nov. 2010, pp. 2263-2274.
    • (2010) J. Systems and Software , pp. 2263-2274
    • Li, N.1
  • 6
    • 84910681237 scopus 로고    scopus 로고
    • Static detection of security vulner-abilities in scripting languages
    • Usenix
    • Y. Xie and A. Aiken, "Static Detection of Security Vulner-abilities in Scripting Languages," Proc. 15th Usenix Security Symp. (Usenix-SS 06), vol. 15, Usenix, 2006, pp. 179-192.
    • (2006) Proc. 15th Usenix Security Symp. (Usenix-SS 06) , vol.15 , pp. 179-192
    • Xie, Y.1    Aiken, A.2
  • 7
    • 50249115131 scopus 로고    scopus 로고
    • Saner: Composing static and dynamic analysis to validate sanitization in web applications
    • D. Balzarotti et al., "Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications," Proc. 29th IEEE Symp. Security and Privacy (SP 08), IEEE CS, 2008, pp. 387-401.
    • (2008) Proc. 29th IEEE Symp. Security and Privacy (SP 08), IEEE CS , pp. 387-401
    • Balzarotti, D.1
  • 9
    • 77949879017 scopus 로고    scopus 로고
    • Automatic creation of sql injection and cross-site scripting attacks
    • A. Kiezun et al., "Automatic Creation of SQL Injection and Cross-Site Scripting Attacks," Proc. 31st Int'l Conf. Software Eng. (ICSE 09), IEEE CS, 2009, pp. 199-209.
    • (2009) Proc. 31st Int'l Conf. Software Eng. (ICSE 09), IEEE CS , pp. 199-209
    • Kiezun, A.1
  • 10
    • 40449091840 scopus 로고    scopus 로고
    • WASP: Protecting web applications using positive tainting and syntax-aware evaluation
    • DOI 10.1109/TSE.2007.70748
    • W. Halfond, A. Orso, and P. Manolios, "WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation," IEEE Trans. Software Eng., Jan. 2008, pp. 65-81. (Pubitemid 351343903)
    • (2008) IEEE Transactions on Software Engineering , vol.34 , Issue.1 , pp. 65-81
    • Halfond, W.G.J.1    Orso, A.2    Manolios, P.3
  • 12
    • 70349595106 scopus 로고    scopus 로고
    • Client-side cross-site scripting protection
    • Oct.
    • E. Kirda et al., "Client-Side Cross-Site Scripting Protection," Computers & Security, Oct. 2009, pp. 592-604.
    • (2009) Computers & Security , pp. 592-604
    • Kirda, E.1


* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.