References
- "Vulnerability distribution of cve security vulnerabilities by types", https://www.cvedetails.com/vulnerabilities-by-types.php, Accessed: Oct. 10, 2017.
- "CVE - Search Results", https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=XSS, Accessed: Oct. 10, 2017.
- OWASP, "Source Code Analysis Tools - OWASP", URL: https://www.owasp.org/index.php/Source_Code_Analysis_Tools, Accessed: Feb. 24, 2018.
- Floe, "Phpcs-security-audit", URL: https://github.com/FloeDesignTechnologies/phpcs-security-audit,
- Bob, "CodeSniffer Part 4: How does CodeSniffer Work | King Kludge", URL: http://www.kingkludge.net/2009/02/codesniffer-part-4-how-does-codesniffer-work/, Accessed: Feb. 19, 2018.
- Paulo Nunes, Jose Fonseca, and Marco Vieira, "PhpSAFE: A Security Analysis Tool for OOP Web Application Plugins", Proc. Int. Conf. Dependable Syst. Networks, vol. 2015-Septe, pp. 299-306, 2015. DOI: http://doi.org/10.1109/DSN.2015.16
- Nenad Jovanovic, C. Kruegel, and E. Kirda, "Pixy: a static analysis tool for detecting Web application vulnerabilities", in 2006 IEEE Symp. Secur. Priv., 2006, pp. 6 pp. - 263. DOI: http://doi.org/10.1109/SP.2006.29
- Johannes Dahse, "RIPS-A static source code analyser for vulnerabilities in PHP scripts", Retrieved Febr., vol. 28, p. 2012, 2010.URL: http://www.nds.rub.de/media/nds/attachments/files/2010/09/rips-paper.pdf
- Nick Dunn and John Murray, "Visual Code Grepper".URL: https://github.com/nccgroup/VCG
- Iberia Medeiros, Nuno F. Neves, and Miguel Correia, "Automatic detection and correction of web application vulnerabilities using data mining to predict false positives", in Proc. 23rd Int. Conf. World wide web - WWW '14, 2014, pp. 63-74. DOI: http://doi.org/10.1145/2566486.2568024
- Michael V. Scovetta, "Yasca: Yet Another Source Code Analyzer".URL: http://scovetta.github.io/yasca/
- "PMD", URL: https://pmd.github.io/, Accessed: Feb. 19, 2018.
- Jakob Kallin and Irene Lobo Valbuena, "Excess XSS: A comprehensive tutorial on cross-site scripting", URL: https://excess-xss.com/, Accessed: Mar. 22, 2017.
- Andreas Gohr and DokuWiki, "DokuWiki", URL: https://github.com/splitbrain/dokuwiki
- "PHPMyWind",URL: http://phpmywind.com/
- PHP Outburst, "Ultimate PHP Board". URL: https://github.com/PHP-Outburst/MyUPB
- Bobcares, "Gift Certificate Creator", URL: https://wordpress.org/plugins/gift-certificate-creator/,
- Robot with Emotions, "Slideshow Gallery Pro - WordPress Plugins", URL: https://wordpress.org/plugins/slideshow-gallery-pro/, Accessed: Feb. 13, 2018.
- Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman, "Compilers: Principles, Techniques, and Tools", 2006. ISBN: 978-0321486813, 2006.
- Flemming Nielson, Hanne R. Nielson, and Chris Hankin, "Principles of Program Analysis", Berlin, Heidelberg: Springer Berlin Heidelberg, 1999. DOI: http://doi.org/10.1007/978-3-662-03811-6
- Misha Zitser, Richard Lippmann, and Tim Leek, "Testing static analysis tools using exploitable buffer overflows from open source code", ACM SIGSOFT Softw. Eng. Notes, vol. 29, no. 6, p. 97, 2004. DOI: http://doi.org/10.1145/1041685.1029911
- Nurul. Atiqah. A. Talib and Kyung-Goo Doh, "Assessment of dynamic open-source cross-site scripting filters for web application", KSII Trans. Internet Inf. Syst., vol. 15, no. 10, pp. 3750-3770, 2021. DOI: http://doi.org/10.3837/tiis.2021.10.015
- Davide Pasetto, Fabrizio Petrini, and Virat Agarwal, "Tools for very fast regular expression matching", Computer (Long. Beach. Calif)., vol. 43, no. 3, pp. 50-58, 2010. DOI: http://doi.org/10.1109/MC.2010.80
- Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, and Sy-Yen Kuo, "Securing web application code by static analysis and runtime protection", Proc. 13th Conf. World Wide Web - WWW '04, p. 40, 2004. DOI: http://doi.org/10.1145/988672.988679
- H. G. Rice, "Classes of recursively enumerable sets and their decision problems", Trans. Am. Math. Soc., vol. 74, no. 2, pp. 358-358, 1953. DOI: http://doi.org/10.1090/S0002-9947-1953-0053041-6
- Brian V. Chess and Gary E. McGraw, "Static analysis for security", IEEE Secur. Priv., vol. 2, no. 6, pp. 76-79, 2004. DOI: http://doi.org/10.1109/MSP.2004.111
- Michael Buckland and Fredric Gey, "The relationship between Recall and Precision", J. Am. Soc. Inf. Sci., vol. 45, no. 1, pp. 12-19, Jan. 1994. DOI: http://doi.org/10.1002/(SICI)1097-4571(199401)45:1<12::AID-ASI2>3.0.CO;2-L
- Mikhail Belyaev and Vladimir Itsykson, "Fast and Safe Concrete Code Execution for Reinforcing Static Analysis and Verification", Model. Anal. Inf. Syst., vol. 22, no. 6, pp. 763-772, Jan. 2016. DOI: http://doi.org/10.18255/1818-1015-2015-6-763-772
- Gorel Hedin, "Compiler Construction", vol. 9031, 2015. DOI: http://doi.org/10.1007/978-3-662-46663-6
- Lucas Torri, Guilherme Fachini, et al., "An evaluation of free/open source static analysis tools applied to embedded software", in 2010 11th Lat. Am. Test Work., Mar. 2010, pp. 1-6. DOI: http://doi.org/10.1109/LATW.2010.5550368
- Aniqua Z. Baset and Tamara Denning, "IDE Plugins for Detecting Input-Validation Vulnerabilities", 2017. DOI: http://doi.org/10.1109/SPW.2017.37
- Larry Suto, "Analyzing the Accuracy and Time Costs of Web Application Security Scanners", 2010. Accessed: Sep. 22, 2017. URL: https://www.beyondtrust.com/wp-content/uploads/Analyzing-the-Accuracy-and-Time-Costs-of-Web-Application-Security-Scanners.pdf
- Mansour Alsaleh, Noura Alomar, Monirah Alshreef, Abdulrahman Alarifi, and AbdulMalik Al-Salman, "Performance-Based Comparative Assessment of Open Source Web Vulnerability Scanners", Secur. Commun. Networks, vol. 2017, pp. 1-14, 2017. DOI: http://doi.org/10.1155/2017/6158107
- Nuno Antunes and Marco Vieira, "Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services", in 2009 15th IEEE Pacific Rim Int. Symp. Dependable Comput., Nov. 2009, pp. 301-306. DOI: http://doi.org/10.1109/PRDC.2009.54
- Nuno Antunes and Marco Vieira, "Security Testing in SOAs: Techniques and Tools BT - Innovative Technologies for Dependable OTS-Based Critical Systems: Challenges and Achievements of the CRITICAL STEP Project", D. Cotroneo, Ed. Milano: Springer Milan, 2013, pp. 159-174. DOI: http://doi.org/10.1007/978-88-470-2772-5_12