Academic Papers in Web Application Security

This list is an attempt to collect academic papers on Web application security; this page groups them by topic, with the venue and year of publication for each entry. Please let me know if something is missing from the list.

Paper | Author(s) | Conference

Static analysis
An Analysis Framework for Security in Web Applications | Gary Wassermann and Zhendong Su | SAVCBS '04
JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications | Carl Gould, Zhendong Su, and Premkumar Devanbu | ICSE '04
Static Checking of Dynamically Generated Queries in Database Applications | Carl Gould, Zhendong Su, and Premkumar Devanbu | ICSE '04
Securing Web Application Code by Static Analysis and Runtime Protection | Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, and Sy-Yen Kuo | WWW '04
Finding Security Vulnerabilities in Java Applications with Static Analysis | Benjamin Livshits and Monica S. Lam | Usenix '05
Precise Alias Analysis for Static Detection of Web Application Vulnerabilities | Nenad Jovanovic, Christopher Kruegel, and Engin Kirda | PLAS '06
Static Detection of Security Vulnerabilities in Scripting Languages | Yichen Xie and Alex Aiken | Usenix '06
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities | Nenad Jovanovic, Christopher Kruegel, and Engin Kirda | Oakland '06
Bridging the Gap between Web Application Firewalls and Web Applications | Lieven Desmet, Frank Piessens, Wouter Joosen, and Pierre Verbaeten | FMSE '06

Runtime (dynamic) analysis
Finding Application Errors and Security Flaws Using PQL: a Program Query Language | Michael Martin, Benjamin Livshits, and Monica S. Lam | OOPSLA '05
AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks | William G. J. Halfond and Alessandro Orso | ASE '05
Automatically Hardening Web Applications Using Precise Tainting | Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Green, Jeffrey Shirley, and David Evans | SEC '05
A Learning-Based Approach to the Detection of SQL Attacks | Fredrik Valeur, Darren Mutz, and Giovanni Vigna | DIMVA '05
Defending against Injection Attacks through Context-Sensitive String Evaluation | Tadeusz Pietraszek and Chris Vanden Berghe | RAID '05
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software | James Newsome and Dawn Song | NDSS '05
Dynamic Taint Propagation for Java | Vivek Haldar, Deepak Chandra, and Michael Franz | ACSAC '05
Enforcing Privacy in Web Applications | Ariel Futoransky and Ariel Waissbein | PST '05
Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks | Wei Xu, Sandeep Bhatkar, and R. Sekar | Usenix '06
The Essence of Command Injection Attacks in Web Applications | Zhendong Su and Gary Wassermann | POPL '06

Client-side solutions
Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks | Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic | SAC '06
RequestRodeo: Client Side Protection against Session Riding | Martin Johns and Justus Winter | OWASP '06

Testing
Using a SQL Coverage Measurement for Testing Database Applications | María José Suárez-Cabal and Javier Tuya | FSE '04
Bypass Testing of Web Applications | Jeff Offutt, Ye Wu, Xiaochen Du, and Hong Huang | ISSRE '04

IDS
Anomaly Detection of Web-based Attacks | Christopher Kruegel and Giovanni Vigna | CCS '03
Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks | William Robertson, Giovanni Vigna, Christopher Kruegel, and Richard Kemmerer | NDSS '06
Detection of Web-Based Attacks through Markovian Protocol Parsing | Juan M. Estevez-Tapiador, Pedro Garcia-Teodoro, and Jesus E. Diaz-Verdejo | ISCC '06

The rest
SQLrand: Preventing SQL Injection Attacks | Stephen W. Boyd and Angelos D. Keromytis | ACNS '04
Defining a Set of Common Benchmarks for Web Application Security | Benjamin Livshits | SoftSecTools '05
A Safety-Oriented Platform for Web Applications | Richard S. Cox, Jacob Gorm Hansen, Steven D. Gribble, and Henry M. Levy | Oakland '06
Using Parse Tree Validation to Prevent SQL Injection Attacks | Gregory T. Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti | SEM '05

This list was last updated on 2007/01/08.