Web Security Learning

10.2. Related papers

10.2.1. List of papers

  • PRE-list: List of (automatic) protocol reverse engineering tools for network protocols

10.2.2. Traffic Analysis

  • Plohmann D, Yakdan K, Klatt M, et al. A comprehensive measurement study of domain generating malware[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 263-278.

  • Nasr M, Houmansadr A, Mazumdar A. Compressive traffic analysis: A new paradigm for scalable traffic analysis[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2053-2069.

10.2.3. Vulnerability Automation

  • Staicu C A, Pradel M, Livshits B. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS[C]//NDSS. 2018.

  • Atlidakis V, Godefroid P, Polishchuk M. REST-ler: Automatic Intelligent REST API Fuzzing[J]. 2018.

  • Alhuzali A, Gjomemo R, Eshete B, et al. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 377-392.

10.2.4. Attack Techniques

  • Lekies S, Kotowicz K, Groß S, et al. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1709-1723.

  • Papadopoulos P, Ilia P, Polychronakis M, et al. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation[J]. arXiv preprint arXiv:1810.00464, 2018.

10.2.5. Attack Detection

  • Liu T, Qi Y, Shi L, et al. Locate-then-detect: real-time web attack detection via attention-based deep neural networks[C]//Proceedings of the 28th International Joint Conference on Artificial Intelligence. AAAI Press, 2019: 4725-4731.

10.2.6. Privacy

  • Klein A, Pinkas B. DNS Cache-Based User Tracking[C]//NDSS. 2019.

10.2.7. Fingerprints

  • Hayes J, Danezis G. k-fingerprinting: A robust scalable website fingerprinting technique[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 1187-1203.

  • Overdorf R, Juarez M, Acar G, et al. How unique is your .onion?: An analysis of the fingerprintability of tor onion services[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2021-2036.

10.2.8. Side Channels

  • Rosner N, Kadron I B, Bang L, et al. Profit: Detecting and Quantifying Side Channels in Networked Applications[C]//NDSS. 2019.

10.2.9. Authentication

  • Ghasemisharif M, Ramesh A, Checkoway S, et al. O single sign-off, where art thou? an empirical analysis of single sign-on account hijacking and session management on the web[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 1475-1492.

10.2.10. Protection

  • Pellegrino G, Johns M, Koch S, et al. Deemon: Detecting CSRF with dynamic analysis and property graphs[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1757-1771.


© Copyright 2019-2022, WebSecurity.
