[1]Garg A, Singh S. A review on Web application security vulnerabilities[J]. International Journal, 2013, 3(1): 222226[2]Antunes N, Vieira M. Defending against Web application vulnerabilities[J]. Computer, 2012, 45(2): 6672[3]中国信息安全测评中心. 中国国家信息安全漏洞库漏洞统计[DBOL]. [20160701]. http: www.cnnvd.org.cnvulnerabilitystatistics[4]Williams J, Wichers D. OWASP top 10, the ten most critical Web application security risks[R]. New York: The Open Web Application Security Project, 2013[5]OWASP. OWASP top ten project[EBOL]. (20130623) [20160914]. https:www.owasp.org index.phpCategory:OWASP_Top_Ten_Project[6]邱永华. XSS跨站脚本攻击剖析与防御[M]. 北京: 人民邮电出版社, 2013[7]Malviya V K, Saurav S, Gupta A. On security issues in Web applications through cross site scripting (XSS)[C] Proc of the 20th AsiaPacific Software Engineering Conf. Piscataway, NJ: IEEE, 2013: 583588[8]Klein A. DOM based cross site scripting or XSS of the third kind[EBOL]. (20050407) [20160910]. http:www.webappsec.orgprojectsarticles071105.shtml[9]Pan Jinkun, Mao Xiaoguang, Li Weishi. Taint inference for crosssite scripting in context of URL rewriting and HTML sanitization[J]. ETRI Journal, 2016, 38(2): 376386[10]OWASP. XSS (cross site scripting) prevention cheat sheet[EBOL]. [20160327]. https:www.owasp.orgindex.phpXSS_(Cross_Site_Scripting)[11]Shar L K, Tan H B K. Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns[J]. Information and Software Technology, 2013, 55(10): 17671780[12]Kirda E, Jovanovic N, Kruegel C, et al. Clientside crosssite scripting protection[J]. Computers & Security, 2009, 28(7): 592604[13]OWASP. DOM based XSS prevention cheat sheet[EBOL]. [20160908]. https:www.owasp.orgindex.phpDOM_based_XSS_Prevention_Cheat_Sheet[14]Van Gundy M, Chen H. Noncespaces: Using randomization to defeat crosssite scripting attacks [J]. Computers & Security, 2012, 31(4): 612628[15]Shar L K, Tan H B K. Automated removal of cross site scripting vulnerabilities in Web applications[J]. Information and Software Technology, 2012, 54(5): 467478[16]曹黎波, 曹天杰. 基于动态测试的XSS漏洞检测方法研究[J]. 计算机应用与软件, 2015, 32(8): 272275[17]李洁, 俞研, 吴家顺. 基于动态污点分析的DOM XSS漏洞检测算法[J]. 计算机应用, 2016, 36(5): 12461249, 1278[18]沈寿忠, 张玉清. 基于爬虫的XSS漏洞检测工具设计与实现[J]. 计算机工程, 2009, 35(21): 151154[19]Vishnu B A, Jevitha K P. Prediction of crosssite scripting attack using machine learning algorithms[C] Proc of Int Conf on Interdisciplinary Advances in Applied Computing. New York: ACM, 2014: No.55[20]张海燕, 莫勇. 基于决策树分类的跨站脚本攻击检测方法[J]. 微型机与应用, 2015, 34(16): 5557, 61[21]Guo Xiaobing, Jin Shuyuan, Zhang Yaxing. XSS vulnerability detection using optimized attack vector repertory[C] Proc of Int Conf on Cyber Enabled Distributed Computing and Knowledge Discovery. Piscataway, NJ: IEEE, 2015: 2936孙伟
|