Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications

@article{Balzarotti2008SanerCS,
  title={Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications},
  author={Davide Balzarotti and Marco Cova and Viktoria Felmetsger and Nenad Jovanovic and Engin Kirda and Christopher Kr{\"u}gel and Giovanni Vigna},
  journal={2008 IEEE Symposium on Security and Privacy (sp 2008)},
  year={2008},
  pages={387-401}
}
Web applications are ubiquitous, perform mission-critical tasks, and handle sensitive user data. Unfortunately, web applications are often implemented by developers with limited security skills, and, as a result, they contain vulnerabilities. Most of these vulnerabilities stem from the lack of input validation. That is, web applications use malicious input as part of a sensitive operation, without having properly checked or sanitized the input values prior to their use. Past research on…
This paper has highly influenced 32 other papers.
This paper has 368 citations.

Citations


[Chart: Citations per Year]
Semantic Scholar estimates that this publication has 369 citations based on the available data.


References

Publications referenced by this paper.
Showing 1-10 of 36 references

Cross Site Scripting Explained

  • A. Klein
  • Technical report, Sanctum Inc.,
  • 2002

A Theory of Type Qualifiers

  • J. Foster, M. Faehndrich, A. Aiken
  • In Conference on Programming Language Design and…
  • 1999

SQL Injection Cheat Sheet, Version 1.4. http://ferruh.mavituna.com/makale/sql-injection-cheatsheet

  • F. Mavituna
  • 2007

SecuBat: A Web Vulnerability Scanner

  • S. Kals, E. Kirda, C. Kruegel, N. Jovanovic
  • In 15th International World Wide Web Conference…
  • 2006