Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey
Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the
navigation of trusted web applications. Since its disclosure in late 1999 by Microsoft security …
Machine Learning for Computer and Cyber Security
BB Gupta, M Sheng - ed: CRC Press. Preface, 2019 - api.taylorfrancis.com
Names: Gupta, Brij, 1982-editor.| Sheng, Quan Z. editor. Title: Machine learning for computer
and cyber security: principles, algorithms, and practices/editors Brij B. Gupta, National …
Seismic: Secure in-lined script monitors for interrupting cryptojacks
A method of detecting and interrupting unauthorized, browser-based cryptomining is
proposed, based on semantic signature-matching. The approach addresses a new wave of …
Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.
The Web has become highly interactive and an important driver for modern life, enabling
information retrieval, social exchange, and online shopping. From the security perspective …
The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web
Request forgery attacks are among the oldest threats to Web applications, traditionally
caused by server-side confused deputy vulnerabilities. However, recent advancements in …
It's (dom) clobbering time: Attack techniques, prevalence, and defenses
DOM Clobbering is a type of code-less injection attack where attackers insert a piece of non-
script, seemingly benign HTML markup into a webpage and transform it to executable code …
Talking about my generation: Targeted dom-based xss exploit generation using dynamic data flow analysis
Since the invention of JavaScript 25 years ago, website functionality has been continuously
shifting from the server-side to the client-side. Web browsers have evolved into an …
HTML violations and where to find them: a longitudinal analysis of specification violations in HTML
With the increased interest in the web in the 90s, everyone wanted to have their own
website. However, given the lack of knowledge, such pages contained numerous HTML …
Scriptprotect: mitigating unsafe third-party javascript practices
The direct client-side inclusion of cross-origin JavaScript resources in Web applications is a
pervasive practice to consume third-party services and to utilize externally provided libraries …
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Websites rely on server-side HTML sanitization to defend against the ever-present threat of
cross-site scripting attacks. Parsing arbitrary pieces of markup to assess whether they …