Editor: Liu Bing (刘冰)