📝 Web security related academic papers collection (just for myself).

Awesome Web Security Papers

Abusing Hidden Properties to Attack the Node.js Ecosystem

  • Tags: JavaScript
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals

  • Tags: CSRF Frontend
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

  • Tags: Frontend Side-channel
  • Conference: USENIX Security @ 2021

[Paper]

Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists

  • Tags: PHP Sandbox
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

Everything Old is New Again: Binary Security of WebAssembly

  • Tags: WebAssembly
  • Conference: USENIX Security @ 2020

[Paper]

Cached and Confused: Web Cache Deception in the Wild

  • Tags: Cache Deception
  • Conference: USENIX Security @ 2020

[Paper]

Leaky Images: Targeted Privacy Attacks in the Web

  • Tags: Side-channel XS-Leaks
  • Conference: USENIX Security @ 2019

[Paper]

What Are You Searching For? A Remote Keylogging Attack on Search Engine Autocomplete

  • Tags: ``
  • Conference: USENIX Security @ 2019

[Paper]

NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications

  • Tags: Exploit generation Symbolic
  • Conference: USENIX Security @ 2018

[Paper] | [Source code]

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web

  • Tags: .NET Deserialization
  • Conference: NDSS @ 2021

[Paper] | [Source code]

The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws

  • Tags: Auth Blackbox
  • Conference: NDSS @ 2020

[Paper] | [Source code]

FUSE: Finding File Upload Bugs via Penetration Testing

  • Tags: PHP Upload
  • Conference: NDSS @ 2020

[Paper] | [Source code]

Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild

  • Tags: Frontend XSS
  • Conference: NDSS @ 2019

[Paper] | [Source code]

Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting

  • Tags: Frontend XSS
  • Conference: NDSS @ 2018

[Paper] | [Source code]

Synode: Understanding and Automatically Preventing Injection Attacks on Node.js

  • Tags: JavaScript
  • Conference: NDSS @ 2018

[Paper] | [Source code]

PMForce: Systematically Analyzing postMessage Handlers at Scale

  • Tags: Frontend
  • Conference: ACM CCS @ 2020

[Paper] | [Source code]

MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis

  • Tags: PHP Webshell
  • Conference: ACM CCS @ 2019

[Paper]

Black Widow: Blackbox Data-driven Web Scanning

  • Tags: Blackbox Scanner
  • Conference: IEEE S&P @ 2021

[Paper]

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

  • Tags: ReDoS
  • Conference: IEEE S&P @ 2021

[Paper] | [Source code]

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

  • Tags: ReDoS
  • Conference: IEEE S&P @ 2021

[Paper] | [Source code]