This list represents an attempt to collect academic papers on the subject of Web application security sorted by the year of publication. Please let me know if something is missing from the list.

An Analysis Framework for Security in Web Applications. Gary Wassermann and Zhendong Su. SAVCBS '04.
JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications. Carl Gould, Zhendong Su, and Premkumar Devanbu. ICSE '04.
SQLrand: Preventing SQL Injection Attacks. Stephen W. Boyd and Angelos D. Keromytis. ACNS '04.
Static Checking of Dynamically Generated Queries in Database Applications. Carl Gould, Zhendong Su, and Premkumar Devanbu. ICSE '04.
Securing Web Application Code by Static Analysis and Runtime Protection. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, and Sy-Yen Kuo. WWW '04.
Using a SQL Coverage Measurement for Testing Database Applications. María José Suárez-Cabal and Javier Tuya. FSE '04.
Bypass Testing of Web Applications. Jeff Offutt, Ye Wu, Xiaochen Du, and Hong Huang. ISSRE '04.
Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam. USENIX Security '05.
Finding Application Errors and Security Flaws Using PQL: A Program Query Language. Michael Martin, Benjamin Livshits, and Monica S. Lam. OOPSLA '05.
Defining a Set of Common Benchmarks for Web Application Security. Benjamin Livshits. SoftSecTools '05.
AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. W. Halfond and A. Orso. ASE '05.
Automatically Hardening Web Applications Using Precise Tainting. Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Green, Jeffrey Shirley, and David Evans. SEC '05.
A Learning-Based Approach to the Detection of SQL Attacks. F. Valeur, D. Mutz, and G. Vigna. DIMVA '05.
Defending against Injection Attacks through Context-Sensitive String Evaluation. Tadeusz Pietraszek and Chris Vanden Berghe. RAID '05.
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. James Newsome and Dawn Song. NDSS '05.
Taint Propagation for Java. Vivek Haldar, Deepak Chandra, and Michael Franz. ACSAC '05.
The Essence of Command Injection Attacks in Web Applications. Zhendong Su and Gary Wassermann. POPL '06.
Precise Alias Analysis for Syntactic Detection of Web Application Vulnerabilities. Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. PLAS '06.
Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks. Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic. SAC '06.
Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks. W. Robertson, G. Vigna, C. Kruegel, and R. Kemmerer. NDSS '06.
Static Detection of Security Vulnerabilities in Scripting Languages. Yichen Xie and Alex Aiken. USENIX Security '06.
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities. Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. Oakland '06.
A Safety-Oriented Platform for Web Applications. Richard S. Cox, Jacob Gorm Hansen, Steven D. Gribble, and Henry M. Levy. Oakland '06.
A Practical Approach for Defeating a Wide Range of Attacks. Wei Xu, Sandeep Bhatkar, and R. Sekar. USENIX Security '06.

