ASCII Text

Corrado Visaggio, "Session Management Vulnerabilities in Today's Web," IEEE Security & Privacy, vol. 8, no. 5, pp. 48-56, September/October, 2010.

BibTex

@article{ 10.1109/MSP.2010.114,
  author = {Corrado Visaggio},
  title = {Session Management Vulnerabilities in Today's Web},
  journal = {IEEE Security & Privacy},
  volume = {8},
  number = {5},
  issn = {1540-7993},
  year = {2010},
  pages = {48-56},
  doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2010.114},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}

RefWorks Procite/RefMan/Endnote

TY - MGZN
JO - IEEE Security & Privacy
TI - Session Management Vulnerabilities in Today's Web
IS - 5
SN - 1540-7993
SP - 48
EP - 56
EPD - 48-56
A1 - Corrado Visaggio,
PY - 2010
KW - session management
KW - Web application security
KW - security and privacy
VL - 8
JA - IEEE Security & Privacy
ER -

1. Cenzic Web Application Security Trends Report—Q3–Q4, 2009, Cenzic, 2010.
2. C. Soghoian and S. Stamm, "Certified Lies: Detecting and Defeating Government Interception Attacks against SSL," Social Science Research Network, Apr. 2010; http://files.cloudprivacy.net/ssl-mitm.pdf.
3. "OWASP Top 10 2010 AppSecDC," Open Web Application Security Project Foundation, Nov. 2009; www.owasp.org/index.php/OWASP_Top_10_2010_AppSecDC.
4. D. Stuttard and M. Pinto, The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, John Wiley & Sons, 2008.
5. C. Anley, "Weak Randomness: Part I—Linear Congruential Random Number Generators," Next Generation Security Software, 2007; www.ngssoftware.com/Libraries/Documents/02_07_Weak_Randomness.sflb.ashx.
6. "Cross Site Scripting," Web Application Security Consortium, 2009; www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml.
7. M. Kolšek, "Session Fixation Vulnerability in Web-Based Applications," Acros Security, Dec. 2002; www.acrossecurity.com/papers/session_fixation.pdf.
8. "OWASP Testing Guide v3," Open Web Application Security Project Foundation, Nov. 2008; www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents.
9. A. Kiezun et al., "Automatic Creation of SQL Injection and Cross-Site Scripting Attacks," Proc. 31st Int'l Conf. Software Eng., IEEE CS Press, 2009, pp. 199–209.
1. C. Jackson and A. Barth, "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks," Proc. 17th Int'l World Wide Web Conf., ACM Press, 2008, pp. 225–233.
2. M. Johns and J. Winter, "RequestRodeo: Client Side Protection against Session Riding," Proc. OWASP Europe 2006 Conf., 2006; www.informatik.uni-hamburg.de/SVS/papers/2006_owasp_RequestRodeo.pdf.
3. L. von Ahn et al., "Captcha: Using Hard AI Problems for Security," Proc. Int'l Conf. Theory and Application Cryptographic Techniques, Springer, 2003, pp. 294–311; www.captcha.net/captcha_crypt.pdf.
4. A. Barth, C. Jackson, and J.C. Mitchell, "Robust Defenses for Cross-Site Request Forgery," Proc. 15th ACM Conf. Computer and Communications Security, ACM Press, 2008, pp. 75–87.
5. A. Kiezun et al., "Automatic Creation of SQL Injection and Cross-Site Scripting Attacks," Proc. 31st Int'l Conf. Software Eng., IEEE CS Press, 2009, pp. 199–209.

