Awesome Web Security Papers

A collection of academic papers related to web security (just for myself).

Abusing Hidden Properties to Attack the Node.js Ecosystem

  • Tags: JavaScript
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals

  • Tags: CSRF Frontend
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

  • Tags: Frontend Side-channel
  • Conference: USENIX Security @ 2021

[Paper]

Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists

  • Tags: PHP Sandbox
  • Conference: USENIX Security @ 2021

[Paper] | [Source code]

Everything Old is New Again: Binary Security of WebAssembly

  • Tags: WebAssembly
  • Conference: USENIX Security @ 2020

[Paper]

Cached and Confused: Web Cache Deception in the Wild

  • Tags: Cache Deception
  • Conference: USENIX Security @ 2020

[Paper]

Leaky Images: Targeted Privacy Attacks in the Web

  • Tags: Side-channel XS-Leaks
  • Conference: USENIX Security @ 2019

[Paper]

What Are You Searching For? A Remote Keylogging Attack on Search Engine Autocomplete

  • Tags: ``
  • Conference: USENIX Security @ 2019

[Paper]

NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications

  • Tags: Exploit generation Symbolic
  • Conference: USENIX Security @ 2018

[Paper] | [Source code]

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web

  • Tags: .NET Deserialization
  • Conference: NDSS @ 2021

[Paper] | [Source code]

The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws

  • Tags: Auth Blackbox
  • Conference: NDSS @ 2020

[Paper] | [Source code]

FUSE: Finding File Upload Bugs via Penetration Testing

  • Tags: PHP Upload
  • Conference: NDSS @ 2020

[Paper] | [Source code]

Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild

  • Tags: Frontend XSS
  • Conference: NDSS @ 2019

[Paper] | [Source code]

Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting

  • Tags: Frontend XSS
  • Conference: NDSS @ 2018

[Paper] | [Source code]

Synode: Understanding and Automatically Preventing Injection Attacks on Node.js

  • Tags: JavaScript
  • Conference: NDSS @ 2018

[Paper] | [Source code]

PMForce: Systematically Analyzing postMessage Handlers at Scale

  • Tags: Frontend
  • Conference: ACM CCS @ 2020

[Paper] | [Source code]

MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis

  • Tags: PHP Webshell
  • Conference: ACM CCS @ 2019

[Paper]

Black Widow: Blackbox Data-driven Web Scanning

  • Tags: Blackbox Scanner
  • Conference: IEEE S&P @ 2021

[Paper]

Revealer: Detecting and Exploiting Regular Expression Denial-of-Service Vulnerabilities

  • Tags: ReDoS
  • Conference: IEEE S&P @ 2021

[Paper] | [Source code]

Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks

  • Tags: ReDoS
  • Conference: IEEE S&P @ 2021

[Paper] | [Source code]