| Paper | Author(s) | Conference |
| --- | --- | --- |
| 2003 | | |
| Anomaly detection of Web-based attacks | Christopher Kruegel and Giovanni Vigna | CCCS '03 |
| 2004 | | |
| An Analysis Framework for Security in Web Applications | Gary Wassermann and Zhendong Su | SAVCBS '04 |
| JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications | Carl Gould, Zhendong Su, and Premkumar Devanbu | ICSE '04 |
| SQLrand: Preventing SQL Injection Attacks | Stephen W. Boyd and Angelos D. Keromytis | ACNS '04 |
| Static Checking of Dynamically Generated Queries in Database Applications | Carl Gould, Zhendong Su, and Premkumar Devanbu | ICSE '04 |
| Securing Web Application Code by Static Analysis and Runtime Protection | Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo | WWW '04 |
| Using a SQL Coverage Measurement for Testing Database Applications | María José Suárez-Cabal and Javier Tuya | FSE '04 |
| Bypass Testing of Web Applications | Jeff Offutt, Ye Wu, Xiaochen Du and Hong Huang | ISSRE '04 |
| 2005 | | |
| Finding Security Vulnerabilities in Java Applications with Static Analysis | Benjamin Livshits and Monica S. Lam | Usenix '05 |
| Finding Application Errors and Security Flaws Using PQL: a Program Query Language | Michael Martin, Benjamin Livshits, and Monica S. Lam | OOPSLA '05 |
| Defining a Set of Common Benchmarks for Web Application Security | Benjamin Livshits | SoftSecTools '05 |
| AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks | W. Halfond and A. Orso | ASE '05 |
| Automatically Hardening Web Applications using Precise Tainting | Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Green, Jeffrey Shirley, David Evans | SEC '05 |
| A Learning-Based Approach to the Detection of SQL Attacks | F. Valeur, D. Mutz, and G. Vigna | DIMVA '05 |
| Defending against Injection Attacks through Context-Sensitive String Evaluation | Tadeusz Pietraszek, Chris Vanden Berghe | RAID '05 |
| Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software | James Newsome and Dawn Song | NDSS '05 |
| Taint Propagation for Java | Vivek Haldar, Deepak Chandra and Michael Franz | ACSAC '05 |
| Enforcing Privacy in Web Applications | Ariel Futoransky and Ariel Waissbein | PST '05 |
| Using parse tree validation to prevent SQL injection attacks | Gregory T. Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti | SEM '05 |
| 2006 | | |
| The Essence of Command Injection Attacks in Web Applications | Zhendong Su and Gary Wassermann | POPL '06 |
| Precise Alias Analysis for Syntactic Detection of Web Application Vulnerabilities | Nenad Jovanovic, Christopher Kruegel, and Engin Kirda | PLAS '06 |
| Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks | Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic | SAC '06 |
| Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks | W. Robertson, G. Vigna, C. Kruegel, R. Kemmerer | NDSS '06 |
| Static Detection of Security Vulnerabilities in Scripting Languages | Yichen Xie and Alex Aiken | Usenix '06 |
| Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities | Nenad Jovanovic, Christopher Kruegel and Engin Kirda | Oakland '06 |
| A Safety-Oriented Platform for Web Applications | Richard S. Cox, Jacob Gorm Hansen, Steven D. Gribble, and Henry M. Levy | Oakland '06 |
| A Practical Approach for Defeating a Wide Range of Attacks | Wei Xu, Sandeep Bhatkar, R. Sekar | Usenix '06 |
| Detection of Web-Based Attacks through Markovian Protocol Parsing | Juan M. Estevez-Tapiador, Pedro Garcia-Teodoro, and Jesus E. Diaz-Verdejo | ISCC '06 |
| Bridging the gap between Web application firewalls and Web applications | Lieven Desmet, Frank Piessens, Wouter Joosen, Pierre Verbaeten | FMSE '06 |
| RequestRodeo: Client Side Protection against Session Riding | Martin Johns and Justus Winter | OWASP '06 |