Security remains a major roadblock to universal acceptance of the Web for many kinds of transactions, especially since the recent sharp increase in remotely exploitable vulnerabil...
Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung...
We propose STILL, a signature-free remote exploit binary code injection attack blocker to protect web servers and web applications. STILL is robust to almost all anti-signature, a...
Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser....
Philipp Vogt, Florian Nentwich, Nenad Jovanovic, E...
The JavaScript language is a core component of active and dynamic web content in the Internet today. Besides its great success in enhancing web applications, however, JavaScript p...
This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locatio...
Jesse C. Rabek, Roger I. Khazan, Scott M. Lewandow...