State of the Art: Automated Black-Box Web Application Vulnerability Testing, 2010 IEEE Symposium on Security and Privacy, pp.332-345, 2010.
DOI : 10.1109/SP.2010.27
Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners, DIMVA, pp.111-131, 2010.
DOI : 10.1007/978-3-642-14215-4_7
Hacme Bank v2.0, 2006.
mXSS attacks, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.777-788, 2013.
DOI : 10.1145/2508859.2516723
DOM based cross site scripting or XSS of the third kind, 2005.
25 million flows later, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.1193-1204, 2013.
DOI : 10.1145/2508859.2516703
Two years of short URLs internet measurement, Proceedings of the 22nd international conference on World Wide Web, WWW '13, pp.861-872, 2013.
DOI : 10.1145/2488388.2488463
XSS in confined spaces, 2011.
Botnet judo: Fighting spam with itself, NDSS, 2010.
Context-sensitive auto-sanitization in web templating languages using type qualifiers, Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pp.587-600, 2011.
DOI : 10.1145/2046707.2046775
Dell SecureWorks Threat Report for 2012, 2012. URL http://www.secureworks.com/cyber-threat-intelligence, p.2012
Analyzing the accuracy and time costs of web application security scanners, 2010.
XSS shortening cheatsheet, 2012. URL http://labs.neohapsis.com, p.xss-shortening-cheatsheet, 2012.
Web Application Vulnerability Statistics 2013, 2013.
Using web security scanners to detect vulnerabilities in web services, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks, pp.566-571, 2009.
DOI : 10.1109/DSN.2009.5270294