with Static Analysis V. Benjamin Livshits and Monica S. Lam Computer Science...  Home/Search
Context
Related
| stanford.edu/papers/usenixsec05.pdf Cached: PS.gz PS PDF This document uses CoBlitz to cache paper downloads. If your firewall is blocking outgoing connections to port 3125, you can use these links to download local copies.
Image Update HelpPS.gz PS PDF From: stanford.edu/research/analysis (more) (Enter author homepages) |
Rate this article:      (best)Comment on this article |
Abstract: This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalable and precise points-to analysis. In our system, user-provided specifications of vulnerabilities are... (Update)
Active bibliography (related documents): More All
16.1: Finding Security Vulnerabilities in Java Applications with.. - Livshits, Lam (2005) (Correct)
0.3: Code Inection in C and CPP: A Survey of Vulnerabilities.. - Younan, Joosen, Piessens (2004) (Correct)
0.3: Adventures in Interoperability: The SML.NET Experience - Nick Benton Nick (Correct)
Similar documents based on text:
0.0: Unknown - (Correct)
BibTeX entry: (Update)
@misc{ analysis-finding,
author = "With Static Analysis",
title = "Finding Security Vulnerabilities in Java Applications",
url = "citeseer.ist.psu.edu/753512.html" }
Citations (may not include all citations):981 Principles of Database and Knowledge-Base Systems (context) - Ullman - 1989
228 Points-to analysis in almost linear time - Steensgaard - 1996
150 Parametric shape analysis via 3-valued logic - Sagiv, Reps et al. - 1999
141 StackGuard: Automatic adaptive detection and prevention of b.. - Cowan, Pu et al. - 1998
98 JFlow: practical mostly-static information flow control - Myers - 1999
72 A first step towards automated detection of buffer overrun v.. - Wagner, Foster et al. - 2000
67 O'Reilly and Associates (context) - Wall, Christiansen et al. - 1996
64 Detecting format string vulnerabilities with type qualifiers - Shankar, Talwar et al. - 2001
59 A static analyzer for finding dynamic programming errors - Bush, Pincus et al. - 2000
47 A system and language for building system-specific (context) - Hallem, Chelf et al. - 2002
18 Cloning-based context-sensitive pointer alias analysis using.. - Whaley, Lam - 2004
15 Securing Web application code by static analysis and runtime.. (context) - Huang, Yu et al. - 2004
14 Writing Secure Code (context) - Howard, LeBlanc - 2001
8 Tracking pointers with path and context sensitivity for bug .. - Livshits, Lam - 2003
7 Advanced SQL injection in SQL Server applications (context) - Anley - 2002
6 Software penetration testing (context) - Arkin, Stender et al. - 2005
5 Finding application errors using PQL: a program query langua.. (context) - Martin, Livshits et al. - 2005
5 Finding userkernel pointer bug with type inference - Wagner, kernel et al. - 2004
5 Static checking of dynamically generated queries in database.. - Gould, Su et al. - 2004
4 Computer crime and security survey (context) - Institute - 2002
4 A comparison of publicly available tools for static intrusio.. - Wilander, Kamkar - 2002
4 Java Developer's Guide to Eclipse (context) - D'Anjou, Fairbrother et al. - 2004
4 McGraw-Hill Osborne Media (context) - Litchfield, Security - 2003
3 compapermore advanced sql injection (context) - advanced, http et al. - 2002
3 Achieving Sarbanes-Oxley compliance for Web applications thr.. (context) - Beaver - 2003
3 A Web developers guide to cross-site scripting (context) - Cook - 2003
3 Hacking Exposed JEE and Java Developing Secure Application w.. (context) - Layman, Exposed et al. - 2002
3 IEEE Security and Privacy (context) - Chess, McGraw et al. - 2004
3 Paros---a tool for Web application security assessment (context) - Technologies - 2004
3 The Common Language Infrastructure Annotated Standard (context) - Miller, Ragsdale et al. - 2003
2 of Web applications are secured against common hacking techn.. (context) - Inc - 2004
2 primary classes of Web application threats (context) - Inc - 2004
2 A guide to building secure Web applications (context) - Application, Project - 2004
2 Preventing cross-site scripting vulnerability (context) - Hu - 2004
2 New software may improve application security (context) - Hulme
2 The ten most critical Web application security vulnerabiliti.. (context) - Application, Project
2 Penetration testing: A duet (context) - Geer, Harthorne - 2002
2 SQL injection attacks by example (context) - Friedl - 2004
2 Oracle multiple PLSQL injection vulnerabilitie (context) - multiple, injection et al. - 2003
2 SnipSnap: HTTP response splitting (context) - Security - 2004
2 SQL injection: Are your Web applications vulnerable (context) - Spett - 2002
2 How safe is it out there (context) - Surf, Shulman - 2004
2 Web Applications (context) - Scambray, Shema - 2002
2 Mozilla foundation security advisory (context) - Krax - 2005
2 The new techniques and emerging threats to bypass current We.. (context) - Grossman, XST - 2003
2 Detecting security vulnerabilities in Java applications with.. (context) - Livshits, Lam - 2005
2 Cross-site scripting: are your Web applications vulnerable (context) - Spett - 2002
2 Web application security trends (context) - Grossman - 2004
2 Hacking Web applications using cookie poisoning (context) - Klein - 2002
2 An introduction to SQL injection attacks for Oracle develope.. (context) - Kost - 2004
2 Divide and conquer: HTTP response splitting (context) - Klein - 2004
2 Penetration testing for Web applications (context) - Melbourne, Jorm - 2003
2 An analysis framework for security in Web applications (context) - Wassermann, Su - 2004
http://www.imperva
Documents on the same site (http://suif.stanford.edu/research/analysis.html): More
Context-Sensitive Program Analysis as Database Queries - Monica Lam John (2005) (Correct)
DynaMine: Finding Common Error Patterns by Mining Software .. - Livshits, Zimmermann (2005) (Correct)
Enhancing Software Reliability With Speculative Threads - And The Committee (Correct)
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC