State of the art: Automated black-box web application vulnerability testing
J Bau, E Bursztein, D Gupta… - 2010 IEEE symposium on …, 2010 - ieeexplore.ieee.org
Black-box web application vulnerability scanners are automated tools that probe web
applications for security vulnerabilities. In order to assess the current state of the art, we …
applications for security vulnerabilities. In order to assess the current state of the art, we …
Securing web applications from injection and logic vulnerabilities: Approaches and challenges
Context: Web applications are trusted by billions of users for performing day-to-day activities.
Accessibility, availability and omnipresence of web applications have made them a prime …
Accessibility, availability and omnipresence of web applications have made them a prime …
VulRepair: a T5-based automated software vulnerability repair
As software vulnerabilities grow in volume and complexity, researchers proposed various
Artificial Intelligence (AI)-based approaches to help under-resourced security analysts to …
Artificial Intelligence (AI)-based approaches to help under-resourced security analysts to …
Grammar-based whitebox fuzzing
P Godefroid, A Kiezun, MY Levin - Proceedings of the 29th ACM …, 2008 - dl.acm.org
Whitebox fuzzing is a form of automatic dynamic test generation, based on symbolic
execution and constraint solving, designed for security testing of large applications …
execution and constraint solving, designed for security testing of large applications …
Security testing: A survey
Identifying vulnerabilities and ensuring security functionality by security testing is a widely
applied measure to evaluate and improve the security of software. Due to the openness of …
applied measure to evaluate and improve the security of software. Due to the openness of …
Composite constant propagation: Application to android inter-component communication analysis
Many program analyses require statically inferring the possible values of composite types.
However, current approaches either do not account for correlations between object fields or …
However, current approaches either do not account for correlations between object fields or …
TAJ: effective taint analysis of web applications
Taint analysis, a form of information-flow analysis, establishes whether values from
untrusted methods and parameters may flow into security-sensitive operations. Taint …
untrusted methods and parameters may flow into security-sensitive operations. Taint …
Automatic creation of SQL injection and cross-site scripting attacks
We present a technique for finding security vulnerabilities in Web applications. SQL Injection
(SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the …
(SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the …
Saner: Composing static and dynamic analysis to validate sanitization in web applications
Web applications are ubiquitous, perform mission-critical tasks, and handle sensitive user
data. Unfortunately, web applications are often implemented by developers with limited …
data. Unfortunately, web applications are often implemented by developers with limited …
Static detection of cross-site scripting vulnerabilities
G Wassermann, Z Su - Proceedings of the 30th international conference …, 2008 - dl.acm.org
Web applications support many of our daily activities, but they often have security problems,
and their accessibility makes them easy to exploit. In cross-site scripting (XSS), an attacker …
and their accessibility makes them easy to exploit. In cross-site scripting (XSS), an attacker …