Performance Analysis of Open Source Web Vulnerability Scanners

  • Published : 2018.03.15

Abstract

Keywords

References

  1. J. Bau, E. Bursztein, D. Gupta and J. Mitchell, "State of the art: Automated black-box web application vulnerability testing", In Proceedings of IEEE Symposium on Security and Privacy, 2010.
  2. A. Dessiatnikoff, R. Akrout, E. Alata, M. Kaaniche and V. Nicomette, "Clustering approach for web vulnerabilities detection", 17th PRDC. IEEE, pp. 194-203, 2011.
  3. F. Duchène, S. Rawat, J. Richier and R. Groz, "LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection", 20th WCRE. IEEE, pp. 252-261, 2013.
  4. F. Duchène, S. Rawat, J. Richier and R. Groz, "KameleonFuzz: Evolutionary Fuzzing for Black-Box XSS Detection", In CODASPY. ACM, 2014.
  5. Docker, https://www.docker.com/
  6. S. Son, K. McKinley, and V. Shmatikov, "RoleCast: Finding missing security checks when you do not know what checks are", In OOPSLA, pp. 1069-1084, 2011.
  7. S. Son and V. Shmatikov, "SAFERPHP: Finding semantic vulnerabilities in PHP applications", In PLAS, 2011.
  8. W. Halfond, J. Viegas, and A. Orso, "A classification of SQL-injection attacks and countermeasures", in Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, 2006.
  9. A. Klein, "Cross site scripting explained", https://crypto.stanford.edu/cs155/papers/CSS.pdf, 2002.
  10. https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
  11. https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion
  12. https://www.acunetix.com/websitesecurity/directorytraversal/
  13. Y. Zheng and X. Zhang, "Path sensitive static analysis of Web applications for remote code execution vulnerability detection," in Proc. of ISSRE'13. IEEE, pp. 652-661, 2013
  14. A. Barth, C. Jackson, and J. Mitchell. Robust defenses for cross-site request forgery. In CCS, 2008.
  15. C. Timberg, E. Dwoskin and B. Fung, "Data of 143 million Americans exposed in hack of credit reporting agency Equifax", https://www.washingtonpost.com/business/technology/equifax-hack-hits-credit-histories-of-up-to-143-million-americans/2017/09/07/a4ae6f82-941a-11e7-b9bc-b2f7903bab0d_story.html?utm_term=.f07df1cfdf73, The Washington Post, September 2017.
  16. Kang Jong-gu, "KT website hacked... personal information of 12 million people stolen", http://www.yonhapnews.co.kr/society/2014/03/06/0702000000AKR20140306145700065.HTML, Yonhap News, March 2014.
  17. M. Vieira, N. Antunes and H. Madeira, "Using Web Security Scanners to Detect Vulnerabilities in Web Services", IEEE/IFIP International conference on (2009), IEEE, pp. 566-571, 2009
  18. WhiteHat Security. WhiteHat website security statistics report. https://www.whitehatsec.com/resources-category/premium-content/web-application-stats-report-2017/, 2017.
  19. G. Wasserman and Z. Su. Sound and precise analysis of Web applications for injection vulnerabilities. In PLDI, pages 32-41, 2007.
  20. Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In USENIX Security, pages 179-192, 2006.