[1] Category: OWASP top ten project - OWASP [EB/OL]. [2017-07-24]. https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013.
[2] Vulnerability note VU#571584 - Google Gmail cross-site request forgery vulnerability [EB/OL]. [2017-06-24]. http://www.kb.cert.org/vuls/id/571584.
[3] A Sina community CSRF worm caused by JSONP hijacking | 离别歌 [EB/OL]. [2017-07-24]. https://www.leavesongs.com/HTML/sina-jsonp-hijacking-csrf-worm.html.
[4] CSRF in Facebook/Dropbox [EB/OL]. [2017-07-24]. http://blog.intothesymmetry.com/2017/04/csrf-in-facebookdropbox-mallory-added.html.
[5] WooYun search | search results [EB/OL]. [2017-07-24]. http://cb.drops.wiki/search.php?kind=bugs&keywords=csrf.
[6] 孙丹. Analysis of CSRF attack methods and research on defense techniques [J]. 科技广场 (Science Mosaic), 2016(7): 78-83.
[7] CALZAVARA S, TOLOMEI G, CASINI A, et al. A supervised learning approach to protect client authentication on the Web [J]. ACM Transactions on the Web, 2015, 9(3): 15.
[8] CVE-2016-7401 - Analysis of the Django CSRF protection bypass vulnerability [EB/OL]. [2017-08-12]. http://bobao.360.cn/learning/detail/3065.html.
[9] Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token [EB/OL]. [2017-08-12]. https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/.
[10] DE RYCK P, DESMET L, HEYMAN T, et al. CsFire: transparent client-side mitigation of malicious cross-domain requests [C]// Proceedings of International Symposium on Engineering Secure Software and Systems. Berlin, Germany: Springer, 2010: 18-34.
[11] MAO Z, LI N, MOLLOY I. Defeating cross-site request forgery attacks with browser-enforced authenticity protection [C]// Proceedings of International Conference on Financial Cryptography and Data Security. Washington D.C., USA: IEEE Press, 2009: 238-255.
[12] 蔡亮, 刘世贤. Research on the same-origin credential referencing protocol [J]. 计算机工程 (Computer Engineering), 2010, 36(12): 184-186.
[13] BOYD S W, KEROMYTIS A D. SQLrand: preventing SQL injection attacks [C]// Proceedings of International Conference on Applied Cryptography and Network Security. Berlin, Germany: Springer, 2004: 292-302.
[14] 李原, 蒋华伟. Research on SQL injection defense techniques based on instruction-set randomization [J]. 计算机与数字工程 (Computer and Digital Engineering), 2009, 37(1): 96-99.
[15] 黄俊, 程绍银, 蒋凡. An XSS detection and defense system based on instruction-set randomization [J]. 电子技术 (Electronic Technology), 2014(4): 8-11.
[16] VAN GUNDY M, CHEN H. Noncespaces: using randomization to enforce information flow tracking and thwart cross-site scripting attacks [C]// Proceedings of NDSS'09. Washington D.C., USA: IEEE Press, 2009: 125-136.
[17] CSRF-protection: randomization defensive against CSRF attack [EB/OL]. [2017-05-21]. https://github.com/spoock1024/CSRF-Protection.
[18] CZESKIS A, MOSHCHUK A, KOHNO T, et al. Lightweight server support for browser-based CSRF protection [C]// Proceedings of the 22nd International Conference on World Wide Web. New York, USA: ACM Press, 2013: 273-284.
[19] 梁晟, 李明树, 梁金能, et al. An experimental study of the response time of Web applications [J]. 计算机研究与发展 (Journal of Computer Research and Development), 2003, 40(7): 1076-1080.