Intrusion Prevention in Multi-tier Web Applications using Double Guard
This work is licensed under a Creative Commons Attribution 3.0 License.