|
[1] W.-M. Leong, "自動化網頁測試與攻擊產生 Automatic Web Testing and Attack Generation," 國立交通大學資訊科學與工程研究所學位論文, 2012. [2] V. Chipounov, V. Kuznetsov, and G. Candea, "S2E: A platform for in-vivo multi-path analysis of software systems," ACM SIGARCH Computer Architecture News, vol. 39, pp. 265-278, 2011. [3] H. Liu, "跨平台 Web程式測試與攻擊產生系統 A Generic Web Application Testing and Attack Generation Framework," 國立交通大學資訊科學與工程研究所學位論文, 2013. [4] E. J. Schwartz, T. Avgerinos, and D. Brumley, "All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)," in Security and Privacy (SP), 2010 IEEE Symposium on, 2010, pp. 317-331. [5] J. C. King, "Symbolic execution and program testing," Communications of the ACM, vol. 19, pp. 385-394, 1976. [6] K. Sen, "Concolic testing," in Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering, 2007, pp. 571-572. [7] F. Bellard, "QEMU, a Fast and Portable Dynamic Translator," in USENIX Annual Technical Conference, FREENIX Track, 2005, pp. 41-46. [8] C. Lattner and V. Adve, "LLVM: A compilation framework for lifelong program analysis & transformation," in Code Generation and Optimization, 2004. CGO 2004. International Symposium on, 2004, pp. 75-86. [9] C. Cadar, D. Dunbar, and D. R. Engler, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs," in OSDI, 2008, pp. 209-224. [10] OWASP Top Ten Project. Available: https://www.owasp.org/index.php/Main_Page [11] S.-K. Huang, M.-H. Huang, P.-Y. Huang, C.-W. Lai, H.-L. Lu, and W.-M. Leong, "CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations," in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on, 2012, pp. 78-87. [12] C.-Y. Chao, "雲端軟體弱點探索分析資料庫 A Cloud-based Benchmark Database for Software Vulnerability Analysis and Discovery," 國立交通大學資訊科學與工程研究所學位論文, 2013. [13] J. Vanegue, S. Heelan, and R. Rolles, "SMT Solvers in Software Security," WOOT, pp. 85-96, 2012. [14] A. Kieyzun, P. J. Guo, K. Jayaraman, and M. D. Ernst, "Automatic creation of SQL injection and cross-site scripting attacks," in Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on, 2009, pp. 199-209. [15] X. Fu and K. Qian, "SAFELI: SQL injection scanner using symbolic execution," in Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications, 2008, pp. 34-39. [16] S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, A. Paradkar, et al., "Finding bugs in dynamic web applications," in Proceedings of the 2008 international symposium on Software testing and analysis, 2008, pp. 261-272. [17] P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song, "A symbolic execution framework for javascript," in Security and Privacy (SP), 2010 IEEE Symposium on, 2010, pp. 513-528. [18] Y.-Y. Huang, K. Chen, and S.-L. Chiang, "Finding Security Vulnerabilities in Java Web Applications with Test Generation and Dynamic Taint Analysis," in Proceedings of the 2011 2nd International Congress on Computer Applications and Computational Science, 2012, pp. 133-138. [19] N. Li, T. Xie, M. Jin, and C. Liu, "Perturbation-based user-input-validation testing of web applications," Journal of Systems and Software, vol. 83, pp. 2263-2274, 2010. [20] A. Bashah Mat Ali, A. Yaseen Ibrahim Shakhatreh, M. Syazwan Abdullah, and J. Alostad, "SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks," Procedia Computer Science, vol. 3, pp. 453-458, 2011. [21] T. Wei, Y. Ju-Feng, X. Jing, and S. Guan-Nan, "Attack model based penetration test for SQL injection vulnerability," in Computer Software and Applications Conference Workshops (COMPSACW), 2012 IEEE 36th Annual, 2012, pp. 589-594.
|