Skip to content

πŸ“ Web security related academic papers collection (just for myself).

Notifications You must be signed in to change notification settings

Sajibekanti/awesome-web-security-paper

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

1 Commit
Β 
Β 

Repository files navigation

Awesome Web Security Papers

Web security related academic papers collection (just for myself).

Abusing Hidden Properties to Attack the Node.js Ecosystem

  • Tags: JavaScript
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals

  • Tags: CSRF Frontend
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

  • Tags: Frontend Side-channel
  • Conference: USENIX Security @ 2021

[Paper]

Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists

  • Tags: PHP Sandbox
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

Everything Old is New Again: Binary Security of WebAssembly

  • Tags: WebAssembly
  • Conference: USENIX Security @ 2020

[Paper]

Cached and Confused: Web Cache Deception in the Wild

  • Tags: Cache Deception
  • Conference: USENIX Security @ 2020

[Paper]

Leaky Images: Targeted Privacy Attacks in the Web

  • Tags: Side-channel XS-Leaks
  • Conference: USENIX Security @ 2019

[Paper]

What Are You Searching For? A Remote Keylogging Attack on Search Engine Autocomplete

  • Tags: ``
  • Conference: USENIX Security @ 2019

[Paper]

NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications

  • Tags: Exploit generation Symbolic
  • Conference: USENIX Security @ 2018

[Paper] | [Source code]

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web

  • Tags: .NET Deserialization
  • Conference: NDSS @ 2021

[Paper] | [Source code]

The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws

  • Tags: Auth Blackbox
  • Conference: NDSS @ 2020

[Paper] | [Source code]

FUSE: Finding File Upload Bugs via Penetration Testing

  • Tags: PHP Upload
  • Conference: NDSS @ 2020

[Paper] | [Source code]

Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild

  • Tags: Frontend XSS
  • Conference: NDSS @ 2019

[Paper] | [Source code]

Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting

  • Tags: Frontend XSS
  • Conference: NDSS @ 2018

[Paper] | [Source code]

Synode: Understanding and Automatically Preventing Injection Attacks on Node.js

  • Tags: JavaScript
  • Conference: NDSS @ 2018

[Paper] | [Source code]

PMForce: Systematically Analyzing postMessage Handlers at Scale

  • Tags: Frontend
  • Conference: ACM CCS @ 2020

[Paper] | [Source code]

MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis

  • Tags: PHP Webshell
  • Conference: ACM CCS @ 2019

[Paper]

Black Widow: Blackbox Data-driven Web Scanning

  • Tags: Blackbox Scanner
  • Conference: IEEE S&P @ 2021

[Paper]

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

  • Tags: ReDoS
  • Conference: IEEE S&P @ 2021

[Paper] | [Source code]

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

  • Tags: ReDoS
  • Conference: IEEE S&P @ 2021

[Paper] | [Source code]

About

πŸ“ Web security related academic papers collection (just for myself).

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published