참고문헌
- 심기명, "최신 웹 해킹 대응 및 개인정보보호 보안 기술", 정보통신연구진흥원, 2007.
- Steve Pettit, Sanctum Inc. "Anatomy of a web application: Security considerations", Sanctum. 2001
- Philipp Vogt, Florian Nentwish. Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna, "Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.", In Proceedings of the 14th annual Network and Distributed System Security Conference, 2007
- Open Web Application Security Project(OWASP), "OWASO Top 10 2007", http://www,owasp.org, 2007
- MITRE, "Vulnerability Type Distributions in CVE", http://cwe.mitre.org/documents/vuln-trends/index.html 2007
- Jeongseok Seo, Han-Sung Kim, Sanghyun Cho and Sungdeok Cha, "Web Server Attack Categorization Based on Root Causes and Their Locations", The International Conference on Information Technology: Coding and Computing, 2004
- Xinming Ou, Wayne F. Boyer, Miles A. McQueen. "A Scalable Approach to Attack Graph Generation.", Conference on Computer and Communications Securily, 2006
- Steven T. Eckmann, Giovanni Vigna and Richard A. Kemmerer, "STATL: An attack language for state-based intrusion detection", Journal of Computer Secrity, 2002
- Mike Andrews, James A. Whittaker, "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services", Addison-Wesley Professional, February 2006.
- Web Application Security Consortium(WASC), "Web Application Security Consortium : Threat Classification", www.webappsec.org, 2004
- G.A. Di Lucca, A. R. Fasolino, M. Mastroianni, P. Tramontana "Identifying Cross Site Scripting Vulnerabilities in Web Applications", Sixth IEEE International Workshop on Web Sile Evolulion, 2004
- Engin Kirda, Christopher Kruegel, Giovanni Vigna and Nenad Jovanovic, "Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks", Proceedings of the 2006 ACM symposium on Applied computing, 2006
- Omar ISMAIL, Masashi ETOH, Youki KADOBAYASHI, Suguru YAMAGUCHI "A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerability", The 18th International Conference on Advanced Information Netwoking and Application IEEE, 2004
- William G. J. Halfond and Alessandro Orso. "AMNESIA : Analysis and Monitoring for NEutralizing SQL Injection Attacks", the 20th IEEE/ACM international Conference on Automated software engineering, 2005
- Gregory T, Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti, "Using parse Tree Validation to Prevent SQL Injection Attacks", The 5th international workshop on Software engineering and middleware. 2005
- Gregory T. Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti, "Using parse Tree Validation to Prevent SQL Injection Attacks", The 5th international workshop on Software engineering and middleware, 2005
- Chris Anley, "Advanced SQL Injection In SQL Server Applications", Next Generation Security Software Ltd, 2002
- Imperva, "Directory Traversal", http://www.imperva.com/resources/glossary/directory_traversal.html. 2007
- Guofei Jiang, "Microsoft IIS 4.0/5.0 Extended Unicode Directory Traversal Vulnerability", Institute for Security Technology Studies, Dartmouth College, 2000
- Open Web Application Security Project(OWASP), "Testing for Directory Traversal", Open Web Application Security Project, 2007