Code-injection vulnerabilities in web applications - Exemplified at cross-site scripting;Code-injection Verwundbarkeit in Web Anwendungen am Beispiel von Cross-site Scripting

IT - Information Technology

Volumn 53, Issue 5, 2011, Pages 256-260

  Johns, Martin ^a  

^a SAP RESEARCH   (Germany)

Author keywords

D.2 Software: Software Engineering ; D.3.4 Software: Programming Languages: Processors ; Security, Code Injection, Web Application

Indexed keywords

CODE INJECTION; D.2 [SOFTWARE: SOFTWARE ENGINEERING]; D.3.4 [SOFTWARE: PROGRAMMING LANGUAGE: PROCESSOR]; LANGUAGE PROCESSORS; SECURITY CODES; SECURITY, CODE INJECTION, WEB APPLICATION; SOFTWARE PROGRAMMING; SOFTWARE/SOFTWARE ENGINEERING; WEB APPLICATION; WEB APPLICATIONS;

APPLICATION PROGRAMS;

EID: 85116892516     PISSN: 16112776     EISSN: 21967032     Source Type: Journal    
DOI: 10.1524/itit.2011.0651     Document Type: Article

References (9)

1. St. Christey and R. A. Martin. Vulnerability Type Distributions in CVE, Version 1.1, May 2007. Online http://cwe.mitre.org/ documents/vuln-trends/index.html.
2. J. Grossman, R. Hansen, P. Petkov, and A. Rager. Cross Site Scripting Attacks: XSS Exploits and Defense. Syngress, 2007.
3. K. J. Biba. Integrity Considerations for Secure Computer Systems. Report MTR-3153, Mitre Corporation, April 1977.
4. D.M. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. In: Journal of Computer Security, 4:167-187, 1996.
5. M. Johns. SessionSafe: Implementing XSS Immune Session Handling. In: Proc. of the European Symp. on Research in Computer Security (ESORICS 2006), LNCS 4189, pages 444-460, Springer, Sep 2006.
6. M. Johns and J. Winter. RequestRodeo: Client Side Protection against Session Riding. In: Proc. of the Open WEb Application Security Project (OWASP) Europe Conf., May 2006. Online: https:// www.owasp.org/images/4/42/RequestRodeo-MartinJohns.pdf.
7. M. Johns and J. Winter. Protecting the Intranet Against "JavaScript Malware" and Related Attacks. In: Proc. of the 4th Int'l Conf. on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2007), LNCS 4579, pages 40-59. Springer, July 2007.
8. M. Johns, Chr. Beyerlein, R. Giesecke, and J. Posegga. Secure Code Generation forWeb Applications. In: Proc. of the 2nd Int'l Symp. on Engineering Secure Software and Systems (ESSoS '10), LNCS 5965, pages 96-113. Springer, Feb 2010.
9. M. Johns. On JavaScript Malware and Related Threats - Web Page Based Attacks Revisited. In: Journal in Computer Virology, Springer Paris, 4(3):161-178, Aug 2008.