Xu et al., 2005 - Google Patents
Practical dynamic taint analysis for countering input validation attacks on web applications (Xu et al., 2005)
Document ID
- 2424323197200600936
Author
- Xu W
- Bhatkar S
- Sekar R
Publication year
- 2005
Publication venue
- Dept. Comput. Sci., Stony Brook Univ., Stony Brook, NY, USA, Tech. Rep. SECLAB-05-04
Snippet
Errors in validation of user inputs lead to serious security vulnerabilities. Many web applications contain such errors, making them vulnerable to remotely exploitable input validation attacks such as SQL injection, and cross site scripting. In this paper, we present a …
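The abstract names the technique (dynamic taint analysis) and the attack classes it targets (SQL injection, cross-site scripting) but the page carries no code. The block below is an added illustration, not the paper's implementation: it models the three pieces of runtime taint tracking in Python, with per-character taint bits attached at a source, carried through string concatenation and a quote-doubling sanitizer, and checked by a syntax-aware policy at an SQL sink and an HTML sink. All class names, function names, the tokenizer and the sample inputs are constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TStr:
    """A string plus one taint bit per character (True = came from untrusted input)."""
    text: str
    taint: tuple

    def __add__(self, other):
        return concat(self, other)


def source(s):
    """Taint source: data read from an untrusted channel, e.g. an HTTP parameter."""
    return TStr(s, (True,) * len(s))


def const(s):
    """Program-controlled text (query template, HTML skeleton): untainted."""
    return TStr(s, (False,) * len(s))


def concat(*parts):
    """Propagation: each taint bit stays attached to the character it describes."""
    return TStr("".join(p.text for p in parts),
                tuple(b for p in parts for b in p.taint))


def escape_sql(t):
    """Sanitizer that doubles single quotes. It keeps the taint bits: the sink
    policy, not the mere presence of a sanitizer, decides whether the result is safe."""
    out, bits = [], []
    for ch, b in zip(t.text, t.taint):
        rep = "''" if ch == "'" else ch
        out.append(rep)
        bits.extend([b] * len(rep))
    return TStr("".join(out), tuple(bits))


class TaintViolation(Exception):
    pass


# Coarse SQL tokenizer (constructed for this example): tainted bytes are
# acceptable only inside string or numeric literals, never in keywords,
# identifiers, operators or comments.
_SQL_TOKEN = re.compile(
    r"(?P<str>'(?:[^']|'')*')|(?P<num>\d+)|(?P<word>[A-Za-z_]\w*)"
    r"|(?P<comment>--[^\n]*)|(?P<ws>\s+)|(?P<op>.)", re.S)


def check_sql(q):
    """SQL sink policy: tainted characters may not alter the query's token structure."""
    for m in _SQL_TOKEN.finditer(q.text):
        kind, bits = m.lastgroup, q.taint[m.start():m.end()]
        if kind == "ws" or not any(bits) or kind == "num":
            continue                      # untainted, or a tainted numeric literal
        if kind == "str" and not (bits[0] or bits[-1]):
            continue                      # tainted text stays inside untainted quotes
        raise TaintViolation(f"tainted {kind} token {m.group()!r} at offset {m.start()}")
    return q.text


_HTML_TAG = re.compile(r"<[^>]*>")


def check_html(h):
    """HTML sink policy: tainted characters may not form or extend a tag."""
    for m in _HTML_TAG.finditer(h.text):
        if any(h.taint[m.start():m.end()]):
            raise TaintViolation(f"tainted tag {m.group()!r} at offset {m.start()}")
    return h.text


# Sinks built with the usual concatenation pattern (constructed examples).
def vulnerable_login_query(name):
    return check_sql(const("SELECT * FROM users WHERE name = '") + source(name) + const("'"))

def fixed_login_query(name):
    return check_sql(const("SELECT * FROM users WHERE name = '") + escape_sql(source(name)) + const("'"))

def item_query(item_id):
    return check_sql(const("SELECT * FROM items WHERE id = ") + source(item_id))

def greeting(name):
    return check_html(const("<p>Hello, ") + source(name) + const("</p>"))


def blocked(fn, arg):
    """True if the sink policy rejected the input."""
    try:
        fn(arg)
        return False
    except TaintViolation:
        return True


if __name__ == "__main__":
    print(fixed_login_query("O'Brien"))                    # benign apostrophe passes
    print(blocked(vulnerable_login_query, "' OR '1'='1"))  # quote escapes the literal
    print(blocked(item_query, "1 OR 1=1"))                 # tainted keyword in numeric context
    print(blocked(greeting, "<script>alert(1)</script>"))  # tainted tag at the HTML sink
```

The policy is deliberately structural rather than pattern-based: an apostrophe in a name is fine once escaping keeps it inside the literal, while the same character that terminates the literal is rejected regardless of what follows it. The real cost of the approach is in the propagation step, which an instrumented interpreter or compiler must apply to every string operation the program performs, not just the concatenations shown here.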
Classifications

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Similar Documents
| Publication | Title |
|---|---|
| Bisht et al. | XSS-GUARD: precise dynamic prevention of cross-site scripting attacks |
| Mitropoulos et al. | Defending against web application attacks: Approaches, challenges and implications |
| Shahriar et al. | Mitigating program security vulnerabilities: Approaches and challenges |
| Guarnieri et al. | Saving the world wide web from vulnerable JavaScript |
| Huang et al. | Securing web application code by static analysis and runtime protection |
| Lam et al. | A general dynamic information flow tracking framework for security applications |
| Scholte et al. | Preventing input validation vulnerabilities in web applications through automated type analysis |
| Almorsy et al. | Supporting automated vulnerability analysis using formalized vulnerability signatures |
| Long et al. | Java coding guidelines: 75 recommendations for reliable and secure programs |
| Frantz et al. | Methods and benchmark for detecting cryptographic api misuses in python |
| Xu et al. | Practical dynamic taint analysis for countering input validation attacks on web applications |
| Xiao et al. | Preventing client side XSS with rewrite based dynamic information flow |
| Hosek et al. | Safeweb: A middleware for securing ruby-based web applications |
| Alattar | R-WASP: Real time-web application SQL injection detector and preventer |
| Pisu et al. | A survey of the overlooked dangers of template engines |
| Nunes | Blended security analysis for web applications: Techniques and tools |
| Lincke | Understanding software threats and vulnerabilities |
| Zhao | Beast in the Cage: A Fine-grained and Object-oriented Permission System to Confine JavaScript Operations on the Web |
| Hermosillo et al. | Using aspect programming to secure web applications |
| Kalantari | Safeguarding Users' Web Interactions |
| Bittau | Toward least-privilege isolation for software |
| Chandra | Information flow analysis and enforcement in java bytecode |
| Wang | Forensics and Formalized Protocol Customization for Enhancing Networking Security |
| Schöni et al. | Automatically Retrofitting Cordova Applications for Stricter Content Security Policies |
| Zavou | Information Flow Auditing In the Cloud |