JavaScript (2nd ed.): the definitive guide
HTML (3rd ed.): the definitive guide
Fine grained access control for SOAP E-services
Proceedings of the 10th international conference on World Wide Web
Applied Cryptography: Protocols, Algorithms, and Source Code in C
The Definition of Standard ML
VBScript in a Nutshell
PowerForms: Declarative client-side form field validation
World Wide Web
Real World Patterns of Failure in Anonymity Systems
IHW '01 Proceedings of the 4th International Workshop on Information Hiding
Developing Secure Web Applications
IEEE Internet Computing
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
An embedded domain-specific language for type-safe server-side web scripting
ACM Transactions on Internet Technology (TOIT)
Combining static analysis and runtime monitoring to counter SQL-injection attacks
WODA '05 Proceedings of the third international workshop on Dynamic analysis
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
SecuBat: a web vulnerability scanner
Proceedings of the 15th international conference on World Wide Web
Noxes: a client-side solution for mitigating cross-site scripting attacks
Proceedings of the 2006 ACM symposium on Applied computing
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
A framework for protecting a SIP-based infrastructure against malformed message attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Proceedings of the 2007 ACM symposium on Applied computing
Multi-module vulnerability analysis of web-based applications
Proceedings of the 14th ACM conference on Computer and communications security
Detecting in-flight page changes with web tripwires
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Leveraging User Interactions for In-Depth Testing of Web Applications
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Journal of Computing Sciences in Colleges
SQLProb: a proxy-based architecture towards preventing SQL injection attacks
Proceedings of the 2009 ACM symposium on Applied Computing
The life and death of statically detected vulnerabilities: An empirical study
Information and Software Technology
Automated security testing of web widget interactions
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
SWAP: Mitigating XSS attacks using a reverse proxy
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
An automatic meta-revised mechanism for anti-malicious injection
NBiS'07 Proceedings of the 1st international conference on Network-based information systems
Prevention of cross-site scripting attacks on current web applications
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
An empirical investigation into open source web applications' implementation vulnerabilities
Empirical Software Engineering
The challenge of data and application security and privacy (DASPY): are we up to it
Proceedings of the first ACM conference on Data and application security and privacy
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
PSIAQOP: preventing SQL injection attacks based on query optimization process
Proceedings of the Second Kuwait Conference on e-Services and e-Systems
A design and implementation of profile based web application securing proxy
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
SessionSafe: implementing XSS immune session handling
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
A survey on detection techniques to prevent cross-site scripting attacks on current web applications
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Automated detection of client-state manipulation vulnerabilities
Proceedings of the 34th International Conference on Software Engineering
XSS-Dec: a hybrid solution to mitigate cross-site scripting attacks
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Enemy of the state: a state-aware black-box web vulnerability scanner
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Securing web-clients with instrumented code and dynamic runtime monitoring
Journal of Systems and Software
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Application-level web security refers to vulnerabilities inherent in the code of a web application itself, irrespective of the technologies in which it is implemented or the security of the web server and back-end database on which it is built. In the last few months, application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping goods for no charge, user names and passwords have been harvested, and confidential information (such as addresses and credit-card numbers) has been leaked.

In this paper we investigate new tools and techniques which address the problem of application-level web security. We (i) describe a scalable structuring mechanism facilitating the abstraction of security policies from large web applications developed in heterogeneous multi-platform environments; (ii) present a tool which assists programmers in developing secure applications that are resilient to a wide range of common attacks; and (iii) report results and experience arising from our implementation of these techniques.