  • Zhang B, Li J, Ren J and Huang G. (2021). Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review. ACM Computing Surveys. 54:9. (1-35). Online publication date: 31-Dec-2022.

    https://doi.org/10.1145/3474553

  • Liu Z, Zhao H, Li S, Li Q, Wei T and Wang Y. Privilege-Escalation Vulnerability Discovery for Large-scale RPC Services. Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. (565-577).

    https://doi.org/10.1145/3433210.3453076

  • Ben Fadhel A, Bianculli D and Briand L. Model-driven run-time enforcement of complex role-based access control policies. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. (248-258).

    https://doi.org/10.1145/3238147.3238167

  • Compagna L, dos Santos D, Ponta S and Ranise S. Aegis. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. (321-328).

    https://doi.org/10.1145/3029806.3029813

  • Alhuzali A, Eshete B, Gjomemo R and Venkatakrishnan V. Chainsaw. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. (641-652).

    https://doi.org/10.1145/2976749.2978380

  • Cheng R, Scott W, Ellenbogen P, Howell J, Roesner F, Krishnamurthy A and Anderson T. Radiatus. Proceedings of the Seventh ACM Symposium on Cloud Computing. (237-250).

    https://doi.org/10.1145/2987550.2987571

  • Bocić I and Bultan T. Finding access control bugs in web applications with CanCheck. Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. (155-166).

    https://doi.org/10.1145/2970276.2970350

  • Zhu J, Chu B and Lipford H. Detecting Privilege Escalation Attacks through Instrumenting Web Application Source Code. Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies. (73-80).

    https://doi.org/10.1145/2914642.2914661

  • Monshizadeh M, Naldurg P and Venkatakrishnan V. MACE. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. (690-701).

    https://doi.org/10.1145/2660267.2660337

  • Møller A and Schwarz M. (2014). Automated Detection of Client-State Manipulation Vulnerabilities. ACM Transactions on Software Engineering and Methodology. 23:4. (1-30). Online publication date: 5-Sep-2014.

    https://doi.org/10.1145/2531921

  • Li Z, He W, Akhawe D and Song D. The emperor's new password manager. Proceedings of the 23rd USENIX conference on Security Symposium. (465-479).

    /doi/10.5555/2671225.2671255

  • Li X and Xue Y. (2014). A survey on server-side approaches to securing web applications. ACM Computing Surveys. 46:4. (1-29). Online publication date: 1-Apr-2014.

    https://doi.org/10.1145/2541315

  • Li X, Si X and Xue Y. Automated black-box detection of access control vulnerabilities in web applications. Proceedings of the 4th ACM conference on Data and application security and privacy. (49-60).

    https://doi.org/10.1145/2557547.2557552

  • Gauthier F, Lavoie T and Merlo E. Uncovering access control weaknesses and flaws with security-discordant software clones. Proceedings of the 29th Annual Computer Security Applications Conference. (209-218).

    https://doi.org/10.1145/2523649.2523650

  • Zheng Y, Zhang X and Ganesh V. Z3-str: a z3-based string solver for web application analysis. Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering. (114-124).

    https://doi.org/10.1145/2491411.2491456

  • Xie T, Zhang L and Mei H. (2013). Report on the international symposium on high confidence software (ISHCS 2011/2012). ACM SIGSOFT Software Engineering Notes. 38:4. (27-33). Online publication date: 12-Jul-2013.

    https://doi.org/10.1145/2492248.2492282

  • Zheng Y and Zhang X. Path sensitive static analysis of web applications for remote code execution vulnerability detection. Proceedings of the 2013 International Conference on Software Engineering. (652-661).

    /doi/10.5555/2486788.2486874

  • Li X and Xue Y. LogicScope. Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. (481-486).

    https://doi.org/10.1145/2484313.2484375

  • Payet P, Doupé A, Kruegel C and Vigna G. EARs in the wild. Proceedings of the 28th Annual ACM Symposium on Applied Computing. (1792-1799).

    https://doi.org/10.1145/2480362.2480699

  • Muthukumaran D, Jaeger T and Ganapathy V. Leveraging "choice" to automate authorization hook placement. Proceedings of the 2012 ACM conference on Computer and communications security. (145-156).

    https://doi.org/10.1145/2382196.2382215

  • Zheng Y and Zhang X. Static detection of resource contention problems in server-side scripts. Proceedings of the 34th International Conference on Software Engineering. (584-594).

    /doi/10.5555/2337223.2337292

  • Li X, Yan W and Xue Y. SENTINEL. Proceedings of the second ACM conference on Data and Application Security and Privacy. (25-36).

    https://doi.org/10.1145/2133601.2133605