OWASP Top 10 2010 rc1 ,
Precise interface identification to improve testing and analysis of web applications, Proceedings of the eighteenth international symposium on Software testing and analysis, ISSTA '09, 2009. ,
DOI : 10.1145/1572272.1572305
A combinatorial approach to building navigation graphs for dynamic web applications, 2009 IEEE International Conference on Software Maintenance, 2009. ,
DOI : 10.1109/ICSM.2009.5306321
Preventing Cross Site Request Forgery Attacks, 2006 Securecomm and Workshops, 2006. ,
DOI : 10.1109/SECCOMW.2006.359531
Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, 2008. ,
DOI : 10.1145/1455770.1455782
The Same origin policy. https://developer.mozilla.org/En/ Same_origin_policy_for_JavaScript 8. phpBB Group: phpbb ,
Intrusion detection via static analysis, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, 2001. ,
DOI : 10.1109/SECPRI.2001.924296
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.26.5910
Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths, In: RAID, 2004. ,
DOI : 10.1007/978-3-540-30143-1_2
Using static analysis for Ajax intrusion detection, Proceedings of the 18th international conference on World wide web, WWW '09, 2009. ,
DOI : 10.1145/1526709.1526785
Control-flow integrity, Proceedings of the 12th ACM conference on Computer and communications security , CCS '05, 2005. ,
DOI : 10.1145/1102120.1102165
Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, In: RAID, 2007. ,
DOI : 10.1007/978-3-540-74320-0_4
Learning DFA representations of HTTP for protecting web applications, Computer Networks, vol.51, issue.5, 2007. ,
DOI : 10.1016/j.comnet.2006.09.016
Anomaly detection of web-based attacks, Proceedings of the 10th ACM conference on Computer and communication security , CCS '03, 2003. ,
DOI : 10.1145/948109.948144
An anomaly-driven reverse proxy for web applications, Proceedings of the 2006 ACM symposium on Applied computing , SAC '06, 2006. ,
DOI : 10.1145/1141277.1141361
RequestRodeo: Client-side Protection Against Session Riding, In: OWASP Europe, 2006. ,
Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection, In: Financial Cryptography and Data Security, 2009. ,
DOI : 10.1007/978-3-642-03549-4_15
Simple cross-site attack prevention, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops, SecureComm 2007, 2007. ,
DOI : 10.1109/SECCOM.2007.4550368
Ripley, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, 2009. ,
DOI : 10.1145/1653662.1653685
SIF: Enforcing confidentiality and integrity in web applications, 2007. ,
Static Enforcement of Web Application Integrity Through Strong Typing, 2009. ,