Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper) (2006)

by Nenad Jovanovic, Christopher Kruegel, Engin Kirda
Venue: In 2006 IEEE Symposium on Security and Privacy
Citations: 136 - 19 self

Documents Related by Co-Citation

136 Static Detection of Security Vulnerabilities in Scripting Languages – Yichen Xie, Alex Aiken
166 Securing Web Application Code by Static Analysis and Runtime Protection – Yao-Wen Huang, Fang Yu, Christian Hang, Chung-hung Tsai, D. T. Lee, Sy-yen Kuo - 2004
148 Automatically hardening web applications using precise tainting – Anh Nguyen-tuong, Salvatore Guarnieri, Doug Greene, David Evans - 2005
89 Defending against Injection Attacks through Context-Sensitive String Evaluation – Tadeusz Pietraszek, Chris Vanden Berghe - 2005
129 The essence of command injection attacks in web applications – Zhendong Su - 2006
65 JavaScript Instrumentation for Browser Security – D Yu, A Chander, N Islam, I Serikov - 2007
73 Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks – Engin Kirda, Christopher Kruegel, Giovanni Vigna, Nenad Jovanovic - 2006
117 Finding Security Vulnerabilities in Java Applications with Static Analysis – V. Benjamin Livshits, Monica S. Lam - 2005
85 Defeating Script Injection Attacks with Browser-Enforced Embedded Policies – Trevor Jim - 2007
95 AMNESIA: Analysis and monitoring for neutralizing SQL injection attacks – William G J Halfond, Alessandro Orso - 2005
81 Static Approximation of Dynamically Generated Web Pages – Yasuhiko Minamide - 2005
62 Finding security errors in Java programs with static analysis – V B Livshits, M S Lam - 2005
147 Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks – Wei Xu, Sandeep Bhatkar, R. Sekar - 2006
111 Sound and Precise Analysis of Web Applications for Injection Vulnerabilities – Gary Wassermann, Zhendong Su - 2007
40 Detecting Malicious JavaScript Code in Mozilla – O Hallaraker, G Vigna - 2005
78 BrowserShield: Vulnerability-driven filtering of dynamic HTML – Charles Reis, John Dunagan, Helen J. Wang, Opher Dubrovsky, Saher Esmeir
59 Dynamic Taint Propagation for Java – Vivek Haldar, Deepak Chandra, Michael Franz - 2005
482 Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software – James Newsome, Dawn Song - 2005
576 Language-Based Information-Flow Security – Andrei Sabelfeld, Andrew C. Myers - 2003