|
[1] H. Liu and S.-K. Huang, "A Generic Web Application Testing and Attack Generation," 2012. [2] W.-M. Leong, "Automatic Web Testing and Attack Generation," 交通大學網路工程研究所學位論文, pp. 1-35, 2012. [3] C.-Y. Chao and S.-K. Huang, "A Cloud-based Benchmark Database for software Vulnerability Analysis and Discovery," 2012. [4] S.-K. Huang, H.-L. Lu, W.-M. Leong, and H. Liu, "Craxweb: Automatic web application testing and attack generation," in Software Security and Reliability (SERE), 2013 IEEE 7th International Conference on, 2013, pp. 208-217. [5] V. Chipounov, V. Kuznetsov, and G. Candea, "The S2E platform: Design, implementation, and applications," ACM Transactions on Computer Systems (TOCS), vol. 30, p. 2, 2012. [6] C. Cadar, D. Dunbar, and D. R. Engler, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs," in OSDI, 2008, pp. 209-224. [7] C.-H. Lu and S.-K. Huang, "Web Platform Independent SQL injection Attack Generation," 交通大學資訊科學與工程研究所學位論文, pp. 1-29, 2014. [8] P.-Y. Huang and S.-K. Huang, "Automated Exploit Generation for Control-Flow Hijacking Attacks," 2011. [9] S. K. Cha, T. Avgerinos, A. Rebert, and D. Brumley, "Unleashing mayhem on binary code," in Security and Privacy (SP), 2012 IEEE Symposium on, 2012, pp. 380-394. [10] T. Avgerinos, S. K. Cha, A. Rebert, E. J. Schwartz, M. Woo, and D. Brumley, "Automatic exploit generation," Communications of the ACM, vol. 57, pp. 74-84, 2014. [11] Getting Started With Burp Proxy. Available: https://portswigger.net/burp/help/proxy_gettingstarted.html. [12] What is Docker? Available: https://philipzheng.gitbooks.io/docker_practice/content/_images/virtualization.png [13] Docker Manual. Available: https://www.gitbook.com/book/philipzheng/docker_practice/details [14] Nightwatch.js, E2E Testing Framework. Available: http://nightwatchjs.org/guide [15] Selenium, Automates Browsers. Available: http://www.seleniumhq.org/docs/ [16] B. Garn, I. Kapsalis, D. E. Simos, and S. Winkler, "On the applicability of combinatorial testing to web application security testing: a case study," in Proceedings of the 2014 Workshop on Joining AcadeMiA and Industry Contributions to Test Automation and Model-Based Testing, 2014, pp. 16-21. [17] X. Fu and K. Qian, "SAFELI: SQL injection scanner using symbolic execution," in Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications, 2008, pp. 34-39. [18] S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, A. Paradkar, et al., "Finding bugs in dynamic web applications," in Proceedings of the 2008 international symposium on Software testing and analysis, 2008, pp. 261-272. [19] P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song, "A symbolic execution framework for javascript," in Security and Privacy (SP), 2010 IEEE Symposium on, 2010, pp. 513-528. [20] Y.-Y. Huang, K. Chen, and S.-L. Chiang, "Finding Security Vulnerabilities in Java Web Applications with Test Generation and Dynamic Taint Analysis," in Proceedings of the 2011 2nd International Congress on Computer Applications and Computational Science, 2012, pp. 133-138. [21] Flask - A Python Microframework. Available: http://flask.pocoo.org/ [22] Docker Engine API and SDKs. Available: https://docs.docker.com/engine/api/ [23] A terminal for your browser, using node/express/socket.io. Available: https://github.com/chjj/tty.js/
|