참고문헌
- J. Bau, E. Bursztein, D. Gupta and J. Mitchell, "State of the art: Automated black-box web application vulnerability testing", In Proceedings of IEEE Symposium on Security and Privacy, 2010.
- A. Dessiatnikoff, R. Akrout, E. Alata, M. Kaaniche and V. Nicomette, "Clustering approach for web vulnerabilities detection", 17th PRDC. IEEE, pp. 194-203, 2011.
- F. Duchène, S. Rawat, J. Richier and R. Groz, "LigRE : Remote-Engineering of Control and Data Flow Models for Black-Box XSS Detection", 20th WCRE. IEEE, pp. 252-261, 2013.
- F. Duchène, S. Rawat, J. Richier and Roland Groz "KameleonFuzz: Evolutionary Fuzzing for Bloack Box XSS Detection", In CODASPY. ACM, 2014.
- Docker, https://www.docker.com/
- S. Son, K. McKinley, and V. Shmatikov, "RoleCast: Finding missing security checks when you do not know what checks are", In OOPSLA, pp 1069-1084, 2011.
- S. Son and V. Shmatikov., "SAFERPHP: Finding semantic vulnerabilities in PHP applications", In PLAS, 2011
- W. Halfond, J. Viegas, and A. Orso., "A classification of SQLinjection attacks and countermeasures.", in Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA. 2006.
- A. Klein., "Cross site scripting explained", https://crypto.stanford.edu/cs155/papers/CSS.pdf, 2002.
- https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
- https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion
- https://www.acunetix.com/websitesecurity/directorytraversal/
- Y. Zheng and X. Zhang, "Path sensitive static analysis of Web applications for remote code execution vulnerability detection," in Proc. of ISSRE'13. IEEE, pp. 652-661, 2013
- A. Barth, C. Jackson, and J. Mitchell. Robust defenses for cross-site request forgery. In CCS, 2008.
- C. Timberg, E. Dwoskin and B. Fung, "Data of 143 million Americans exposed in hack of credit reporting agency Equifax", https://www.washingtonpost.com/business/technology/equifax-hack-hits-credit-histories-of-up-to-143-million-americans/2017/09/07/a4ae6f82-941a-11e7-b9bc-b2f7903bab0d_story.html?utm_term=.f07df1cfdf73, Washingtonpost, September. 2017
- 강종구, "KT 홈페이지 해킹...1천200만명 개인정보 털렸다", http://www.yonhapnews.co.kr/society/2014/03/06/0702000000AKR20140306145700065.HTML, 연합뉴스, 2014년 3월
- M. Vieira, N. Antunes and H. Madeira, "Using Web Security Scanners to Detect Vulnerabilities in Web Services", IEEE/IFIP International conference on (2009), IEEE, pp. 566-571, 2009
- WhiteHat Security. WhiteHat website security statistics report. https://www.whitehatsec.com/resources-category/premium-content/web-application-stats-report-2017/, 2017.
- G. Wasserman and Z. Su. Sound and precise analysis of Web applications for injection vulnerabilities. In PLDI, pages 32-41, 2007.
- Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In USENIX Security, pages 179-192, 2006.