|
[1]Open Web Application Security Project. Cross-Site Scripting. April 2009. http://www.owasp.org/index.php/Top_10_2007-A1 [2]David Endler. The Evolution of Cross-Site Scripting Attacks. Technical Report, iDEFENSE Labs, 20 May 2002. [3]CERT/CC. CERT Advisory CA-2000-02 Malicious HTML Tags Embedded In Client Web Requests. April 2009. http://www.cert.org/advisories/CA-2000-02.html [4]G. A. D. Lucca, A. R. Fasolino, M. Mastoianni and P. Tramontana. Identifying Cross Site Scripting Vulnerabilities in Web Applications. In Proceedings of 6th IEEE International Workshop on Web Site Evolution 2004, WSE’04, 2004, pp.71-80. [5]Jin-Cherng Lin, Jan-Min Chen and Cheng-Hsiung Liu. An Automatic Mechanism for Sanitizing Malicious Injection. In The 9th International Conference for Young Computer Scientists, ICYCS 2008, Nov 2008, pp. 1470 – 1475. [6]Gary Wassermann and Zhendong Su. Static Detection of Cross-Site Scripting Vulnerabilities. In Proceedings of the 30th International Conference on Software Engineering 2008, ICSE’08, May 2008, pp. 171-180. [7]Omar Ismail, Masashi Etoh, Youki Kadobayashi and Suguru Yamaguchi. A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerability. In Proceedings of the 18th International Conference on Advanced Information Networking and Application 2004, AINA’04, 2004, pp. 145-151. [8]Engin Kirda, Christopher Kruegel, Giovanni Vigna and Nenad Jovanovic. Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks. In Proceedings of the 2006 ACM symposium on Applied computing 2006, SAC’06, April 2006, pp. 330-337. [9]Trevor Jim, Nikhil Swamy and Michael Hicks. Defeating Script Injection Attacks with Browser-Enforced Embedded Policies. In Proceedings of the 16th international conference on World Wide Web 2007, WWW’07, May 2007, pp. 601-610.
[10]Jin-Cherng Lin, Jan-Min Chen and Cheng-Hsiung Liu. An Automatic Mechanism for Adjusting Validation Function. In Proceedings of the 22nd International Conference on Advanced Information Networking and Application - Workshops 2008, AINAW’08, March 2008, pp. 602-607. [11]Dev ArticlesTM. JavaScript Security, June 2009 http://www.devarticles.com/c/a/JavaScript/JavaScript-Security/ [12]Regular Expression Library. April 2009. http://regexlib.com/Default.aspx [13], XSS Attacks Information. July 2009. http://www.xssed.com/ [14]Mozilla Org. JavaScript Security : Signed Scripts. June 2009. http://www.mozilla.org/projects/security/components/signed-scripts.html [15]Mozilla Org. Signed Scripts & Privileges : An Example. June 2009. http://www.mozilla.org/projects/security/components/signed-script-example.html
|