[1]MORALEJO A.OWASP top 10 project[2017-10-21].https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf.
[2]DIMENSION F.Stealing cookie With XSS[EB\OL].[2017-06-21].http://www.go4expert.com/forums/showthread.php?t=17066.
[3]ANTUNES N,VIEIRA M.Enhancing penetration testing with attack signatures and interface monitoring for the detection of injection vulnerabilities in Web services[C]//Proceedings of IEEE International Conference on Services Computing.Washington D.C.,USA:IEEE Computer Society,2011:104-111.
[4]BAU J,BURSZTEIN E,GUPTA D,et al.State of the art:automated black-box Web application vulnerability testing[J].Security and Privacy,2010,41(3):332-345.
[5]沈寿忠,张玉清.基于爬虫的XSS漏洞检测工具设计与实现[J].计算机工程,2009,35(21):151-154.
[6]DOUPE A,CAVEDON L,KRUEGEL C,et al.Enemy of the state:a state-aware black-box vulnerability scanner[C]//Proceedings of Usenix Security Symposium.Washington D.C.,USA:IEEE Press,2012:125-134.
[7]王丹,刘源,赵文兵,等.基于用户行为模拟的XSS漏洞检测[J].大连理工大学学报,2017,57(3):302-307.
[8]DUCHENE F,RAWAT S,RICHIER J L,et al.Kameleon Fuzz:evolutionary fuzzing for black-box XSS detection[C]//Proceedings of ACM Conference on Data and Application Security and Privacy.New York,USA:ACM Press,2014:37-48.
[9]刘金辉,葛丽娜,张静,等.基于模糊测试的XSS漏洞挖掘技术研究[J].网络新媒体技术,2016,5(1):11-18.
[10]程诚,周彦晖.基于模糊测试和遗传算法的XSS漏洞挖掘[J].计算机科学,2016,43(s1):328-331.
[11]WANG Y H,MAO C H,LEE H M.Structural learning of attack vectors for generating mutated XSS attacks[J].Electronic Proceedings in Theoretical Computer Science,2010,35:15-26.
[12]TRIPP O,WEISMAN O,GUY L.Finding your way in the testing jungle:a learning approach to web security testing[C]//Proceedings of International Symposium on Software Testing and Analysis.New York,USA:ACM Press,2013:347-357.
[13]DUCHENE F,GROZ R,RAWAT S,et al.XSS vulnerability detection using model inference assisted evolutionary fuzzing[C]//Proceedings of the 5th IEEE International Conference on Software Testing,Verification and Validation.Washington D.C.,USA:IEEE Press,2012:815-817.
[14]Cross site script cheat sheet ESP:for filter evasion[EB\OL].[2017-06-21].http://ha.ckers.org/xss.html.
[15]ANTUNES J,NEVES N,CORREIA M,et al.Vulnerability discovery with attack injection[J].IEEE Transactions on Software Engineering,2010,36(3):357-370.
[16]THUMMALAPENTA S,LAKSHMI K V,SINHA S,et al.Guided test generation for web applications[C]//Proceedings of International Conference on Software Engineering.Washington D.C.,USA:IEEE Press,2013:162-171.
|