We show that the time web sites take to respond to HTTP requests can leak private information, using two different types of attacks. The first, direct timing, directly measures re...
This paper describes the design of a test suite for thorough evaluation of web application scanners. Web application scanners are automated, black-box testing tools that examine w...
Elizabeth Fong, Romain Gaucher, Vadim Okun, Paul E...
User-input validators play an essential role in guarding a web application against application-level attacks. Hence, the security of the web application can be compromised by defe...
Kunal Taneja, Nuo Li, Madhuri R. Marri, Tao Xie, N...
Web applications typically interact with a back-end database to retrieve persistent data and then present the data to the user as dynamically generated output, such as HTML web pa...
A common way to elude a signature-based NIDS is to transform an attack instance that the NIDS recognizes into another instance that it misses. For example, to avoid matching the a...