| 1 |
심기명, "최신 웹 해킹 대응 및 개인정보보호 보안 기술", 정보통신연구진흥원, 2007.
|
| 2 |
Steve Pettit, Sanctum Inc. "Anatomy of a web application: Security considerations", Sanctum. 2001
|
| 3 |
Philipp Vogt, Florian Nentwish. Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna, "Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.", In Proceedings of the 14th annual Network and Distributed System Security Conference, 2007
|
| 4 |
Open Web Application Security Project(OWASP), "OWASO Top 10 2007", http://www,owasp.org, 2007
|
| 5 |
MITRE, "Vulnerability Type Distributions in CVE", http://cwe.mitre.org/documents/vuln-trends/index.html 2007
|
| 6 |
Jeongseok Seo, Han-Sung Kim, Sanghyun Cho and Sungdeok Cha, "Web Server Attack Categorization Based on Root Causes and Their Locations", The International Conference on Information Technology: Coding and Computing, 2004
|
| 7 |
Xinming Ou, Wayne F. Boyer, Miles A. McQueen. "A Scalable Approach to Attack Graph Generation.", Conference on Computer and Communications Securily, 2006
|
| 8 |
Steven T. Eckmann, Giovanni Vigna and Richard A. Kemmerer, "STATL: An attack language for state-based intrusion detection", Journal of Computer Secrity, 2002
|
| 9 |
Mike Andrews, James A. Whittaker, "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services", Addison-Wesley Professional, February 2006.
|
| 10 |
Web Application Security Consortium(WASC), "Web Application Security Consortium : Threat Classification", www.webappsec.org, 2004
|
| 11 |
G.A. Di Lucca, A. R. Fasolino, M. Mastroianni, P. Tramontana "Identifying Cross Site Scripting Vulnerabilities in Web Applications", Sixth IEEE International Workshop on Web Sile Evolulion, 2004
|
| 12 |
Engin Kirda, Christopher Kruegel, Giovanni Vigna and Nenad Jovanovic, "Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks", Proceedings of the 2006 ACM symposium on Applied computing, 2006
|
| 13 |
Omar ISMAIL, Masashi ETOH, Youki KADOBAYASHI, Suguru YAMAGUCHI "A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerability", The 18th International Conference on Advanced Information Netwoking and Application IEEE, 2004
|
| 14 |
William G. J. Halfond and Alessandro Orso. "AMNESIA : Analysis and Monitoring for NEutralizing SQL Injection Attacks", the 20th IEEE/ACM international Conference on Automated software engineering, 2005
|
| 15 |
Gregory T, Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti, "Using parse Tree Validation to Prevent SQL Injection Attacks", The 5th international workshop on Software engineering and middleware. 2005
|
| 16 |
Guofei Jiang, "Microsoft IIS 4.0/5.0 Extended Unicode Directory Traversal Vulnerability", Institute for Security Technology Studies, Dartmouth College, 2000
|
| 17 |
Gregory T. Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti, "Using parse Tree Validation to Prevent SQL Injection Attacks", The 5th international workshop on Software engineering and middleware, 2005
|
| 18 |
Chris Anley, "Advanced SQL Injection In SQL Server Applications", Next Generation Security Software Ltd, 2002
|
| 19 |
Imperva, "Directory Traversal", http://www.imperva.com/resources/glossary/directory_traversal.html. 2007
|
| 20 |
Open Web Application Security Project(OWASP), "Testing for Directory Traversal", Open Web Application Security Project, 2007
|
webmaster
