|
|