Computer Science ›› 2023, Vol. 50 ›› Issue (2): 346-352.doi: 10.11896/jsjkx.211100166
• Information Security • Previous Articles Next Articles
MA Qican, WU Zehui, WANG Yunchao, WANG Xinlei
CLC Number:
[1]KULENOVIC M,DONKO D.A survey of static code analysismethods for security vulnerabilities detection[C]//International Convention on Information and Communication Technology,Electronics and Microelectronics.2014:1381-1386. [2]YAMAGUCHI F,GOLDE N,ARP D,et al.Modeling and discovering vulnerabilities with code property graphs[C]//2014 IEEE Symposium on Security and Privacy.IEEE,2014:590-604. [3]KUSHNIR M,FAVRE O,RENNHARD M,et al.Automatedblack box detection of HTTP GET request-based access control vulnerabilities in web applications[C]//ICISSP 2021.SciTePress,2021:204-216. [4]GAO R,ZHOU C L,ZHU R.Research on vulnerability mining technology of network application program [J].Modern Electronics Technique,2018,41(3):115-119. [5]The OWASP Top 10 2021.[OL].https://owasp.org/Top10/. [6]SUN F,XU L,SU Z.Static Detection of Access Control Vulnerabilities in Web Applications[C]//USENIX Security Sympo-sium.2011. [7]MA L,YAN Y,XIE H.A new approach for detecting access control vulnerabilities[C]//2019 7th International Conference on Information,Communication and Networks(ICICN).IEEE,2019:109-113. [8]DEEPA G,THILAGAM P S,PRASEED A,et al.DetLogic:A black-box approach for detecting logic vulnerabilities in web applications[J].Journal of Network and Computer Applications,2018,109:89-109. [9]LI X,SI X,XUE Y.Automated black-box detection of accesscontrol vulnerabilities in web applications[C]//Proceedings of the 4th ACM Conference on Data and Application Security and Privacy.2014:49-60. [10]LI X,XUE Y.LogicScope:Automatic discovery of logic vulnerabilities within webapplications[C]//Proceedings of the 8th ACM SIGSAC Symposium on Information,Computer and Communications Security.2013:481-486. [11]FELMETSGER V,CAVEDON L,KRUEGEL C,et al.Toward automated detection of logic vulnerabilities in web applications[C]//USENIX Security Symposium.2010. [12]Acunetix Vulnerability Scanner 2021[OL].https://www.acunetix.com/vulnerability-scanner/. [13]HCLAppScan[OL].https://www.hcltechsw.com/appscan. [14]Fotify2021[OL].https://www.microfocus.com/enus/cyberres/application-security. [15]Coverity.2021[OL].https://scan.coverity.com/. [16]LI S H,SUN Q H,ZHAO M Y.A machine learning-based approach to detecting overrun vulnerabilities[J].China Security Protection Technology and Application,2021(2):67-72. [17]JIANG H T,GUO Y J,CHEN H,et al.State-machine based vulnerability detection method for mobile application overridden access[J].Journal of Nanjing University of Science and Technology,2017,41(4):434-441. [18]Qianlitp.2019.Crawlergo.A powerful browser crawler for web vulnerability scanners [OL].https://github.com/Qianlitp/crawlergo. [19]LI M L,LU Y L,HUANG H,et al.Guided Grey-Box Fuzzing Test Method Combining Distance and Weight[J].Computer Engineering,2021,47(3):147-154. [20]ZHANG J,JING W,CHEN F.Vulnerability detection of instant messaging network protocol based on passive clustering algorithm[J].Journal of Jilin University(Engineering and Technology Edition),2021,51(6):2253-2258. |
[1] | LI Zi-dong, YAO Yi-fei, WANG Wei-wei, ZHAO Rui-lian. Web Application Page Element Recognition and Visual Script Generation Based on Machine Vision [J]. Computer Science, 2022, 49(11): 65-75. |
[2] | GUO Jun-xia, GUO Ren-fei, XU Nan-shan and ZHAO Rui-lian. Study on Construction of EFSM Model for Web Application Based on Session [J]. Computer Science, 2018, 45(4): 203-207. |
[3] | HE Tao,MIAO Huai-kou and QIAN Zhong-sheng. Modeling and Test Case Generation for Ajax-based WA [J]. Computer Science, 2014, 41(8): 219-223. |
[4] | ZHENG Di-wen,SHEN Li-wei,PENG Xin and ZHAO Wen-yun. Component Composition Technology and Tool Based on AJAX for Web Application [J]. Computer Science, 2014, 41(11): 152-156. |
[5] | FANG Yi-meng,MA Yun,LIU Xuan-zhe and HUANG Gang. MobiTran:A Technique of Transforming PC Web Application for Smart Phones [J]. Computer Science, 2014, 41(11): 74-78. |
[6] | LIN Jie. Use Combination of Detection Systems to Reduce Errors of Judgment on Malicious Request [J]. Computer Science, 2013, 40(Z6): 344-348. |
[7] | LIU Yong-po,WU Ji and LIU Shuang-mei. Research of Generic Codec for Web Application Testing [J]. Computer Science, 2013, 40(8): 157-160. |
[8] | GUO Hua,LI Zhou-jun,ZHUANG Lei,JI Hong-lin. New Approach for Analyzing of E-commerce Protocol [J]. Computer Science, 2010, 37(8): 56-60. |
[9] | LU Xiao-li,DONG Yun-wei,ZHAO Hong-bin. Object-oriented Web Application Testing Model [J]. Computer Science, 2010, 37(7): 134-136. |
[10] | PENG Shu-shen,GU Qing,CHEN Dao-xu. Study of Test Case Generation for Web Applications [J]. Computer Science, 2010, 37(6): 159-163. |
[11] | LU Xiao-lil,DONG Yun-wei. Research on Structural Testing of Web Applications [J]. Computer Science, 2010, 37(12): 110-113. |
[12] | HU Yan-su,DAI Guan-zhong,GAO Ang,PAN Wen-ping. Differentiated Services of Multi-tier Web Applications [J]. Computer Science, 2010, 37(11): 89-91. |
[13] | WANG Fang,YI Ping,WU Yue,WANG Zhi-yang. Specification-based Distributed Detection for Mobile Ad Hoc Networks [J]. Computer Science, 2010, 37(10): 118-122. |
[14] | TANG Yun-ji,MIAO Huai-kou,QIAN Zhong-sheng. Approach to Modeling and Testing Web Applications Based on Functional Components [J]. Computer Science, 2009, 36(7): 124-127. |
[15] | HUANG Juan, ZHANG Wei-qun ,WEN Xiao, LIANG Zhi-yuan (College of Computer and Information Science, Southwest University,Chongqing 400715,China). [J]. Computer Science, 2009, 36(3): 277-280. |
|