|
|