MUSIC: Mutation-based SQL Injection Vulnerability Checking
TLDR
This work applies a mutation-based approach for testing SQLIV by proposing nine mutation operators that inject SQLIV in application source code.
  • 85
  • 6
Information-Theoretic Detection of SQL Injection Attacks
TLDR
We present a novel approach to detect SQLI attacks based on information theory.
  • 45
  • 6
Trustworthiness testing of phishing websites: A behavior model-based approach
TLDR
We propose testing suspected phishing websites based on a trustworthiness testing approach that can detect advanced XSS-based attacks.
  • 58
  • 4
Mitigating program security vulnerabilities: Approaches and challenges
TLDR
Programs are implemented in a variety of languages and contain serious vulnerabilities which might be exploited to cause security breaches.
  • 85
  • 4
MUTEC: Mutation-based testing of Cross Site Scripting
TLDR
We apply the idea of a mutation-based testing technique to generate adequate test data sets for testing XSSVs.
  • 60
  • 4
Injecting Comments to Detect JavaScript Code Injection Attacks
TLDR
We develop a server side approach that distinguishes injected JavaScript code from legitimate JavaScript code.
  • 27
  • 4
Client-Side Detection of Cross-Site Request Forgery Attacks
TLDR
We present a CSRF attack detection mechanism for the client side based on the matching of parameters and values present in a suspected request with a form’s input fields and values that are being displayed on a webpage (visibility).
  • 45
  • 4
PhishTester: Automatic Testing of Phishing Attacks
TLDR
This paper attempts to address these issues by leveraging a traditional web application testing method, which can be seen as a complementary effort to current anti-phishing techniques to discover advanced phishing attacks.
  • 29
  • 4
S2XS2: A Server Side Approach to Automatically Detect XSS Attacks
TLDR
We develop an automated framework to detect XSS attacks at the server side based on the notion of boundary injection and policy generation.
  • 41
  • 3
Effective detection of vulnerable and malicious browser extensions
TLDR
We propose a model-based approach to detect vulnerable and malicious browser extensions by widening and complementing the existing techniques.
  • 18
  • 3