[1] Gagnon, E. M., Hendren, L. J., "SableCC, an Object-Oriented Compiler Framework," Proc. 1998 Conf. Technology of Object-Oriented Languages and Systems (TOOLS-98), pp. 140-154, Santa Barbara, California, USA, Aug. 3-7, 1998.
[2] Patrick Cousot, "Abstract Interpretation Based Formal Methods and Future Challenges", In Informatics, 10 Years Back - 10 Years Ahead, R. Wilhelm (Ed.), Lecture Notes in Computer Science 2000, pp.138-156, 2001.
[3] Joonseon Ahn, "Differential Evaluation of Fixpoints of Non-distributive Functions", IEICE Transactions on Information and Systems, Vol.E-86-D, No.12, pp.2710-2721, Dec., 2003.
[4] Scott, D., Sharp, R. "Abstracting Application-Level Web Security," Proc. 11th Int'l Conf. World Wide Web (WWW2002), pp.396-407, May 17-22, 2002.
[5] Sanctum Inc. "AppShield 4.0 Whitepaper," http://www.sanctuminc.com, 2002.
[6] Kavado, Inc. "InterDo Version 3.0," Kavado Whitepaper, 2003.
[7] Huang, Y. W., Huang, S. K., Lin, T. P., Tsai, C. H. "Web Application Security Assessment by Fault Injection and Behavior Monitoring," In Proc. 12th International World Wide Web Conference (WWW2003), pp.148-159, May 21-25, 2003.
[8] Fortify Software, Http link: http://fortify.com
[9] Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman, Compilers: Principles, Techniques and Tools, Addison Wesley.
[10] Gary Wassermann, Zhendong Su, "Sound and Precise Analysis of Web Applications for Injection Vulnerabilities," In Proceedings of PLDI 2007, pp.32-41, San Diego, CA, June 10-13, 2007.
[11] PHP: Hypertext Preprocessor, Http link: http://www.php.net
[12] Gary Wassermann and Zhendong Su, "Static Detection of Cross-Site Scripting Vulnerabilities," In Proceedings of ICSE 2008, Leipzig, Germany, May 10-18, 2008.
[13] Flemming Nielson, Hanne Riis Nielson, Chris Hankin, "Principles of Program Analysis," Springer, 452pp, 2005.
[14] Patrick Cousot, Radhia Cousot, "Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints," Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, pp.238-252, LA, California, USA, 1977.
[15] Curphey, M., Endler, D., Hau, W., Taylor, S., Smith, T., Russell, A., McKenna, G., Parke, R., McLaughlin, K., Tranter, N., Klien, A., Groves, D., By-Gad, I., Huseby, S., Eizner, M., McNamara, R. "A Guide to Building Secure Web Applications," The Open Web Application Security Project, v.1.1.1, http://www.cgisecurity.com/owasp/html/guide.html, Sep., 2002.
[16] Gartner, "Now is the time for security at Application Level", 2006, 12.
[17] OWASP Top Ten Project, http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
[18] D. Turner, S. Entwisle, "Symantec Internet Security Threat Report Vol.IX - Trends for July 05-December 05," Symantec, March, 2006.
[19] Common Weakness Enumeration, cwe.mitre.org.
[20] Common Vulnerabilities and Exposures, mitre.cve.org.
[21] SANS: CWE/SANS TOP 25 Most Dangerous Software Errors, Http link: http://www.sans.org/top25-software-errors.
[22] CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion'), Http link: http://cwe.mitre.org/data/definitions/98.html
[23] Scott, D., Sharp, R., "Developing Secure Web Applications," IEEE Internet Computing, Vol.6, No.6, pp.38-45, Nov., 2002.