Automated Data Binding Vulnerability Detection for Java Web Frameworks via Nested Property Graph-Reference-Cited by-同舟云学术

登录注册会员服务联系我们

Automated Data Binding Vulnerability Detection for Java Web Frameworks via Nested Property Graph

Published:2024-09-11 Issue: Volume:202 Page:1377-1388
ISSN:
Container-title:Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis
language:
Short-container-title:

Author:

Yan Xiaoyong¹^ORCID,He Biao²^ORCID,Shen Wenbo¹^ORCID,Ouyang Yu²^ORCID,Zhou Kaihang¹^ORCID,Zhang Xingjian¹^ORCID,Wang Xingyu¹^ORCID,Cao Yukai¹^ORCID,Chang Rui¹^ORCID

Affiliation:

1. Zhejiang University, Hangzhou, China

2. Ant Group, Hangzhou, China

Funder

the National Key R&D Program of China

Ant Group Research Fund

Publisher

ACM

Link

https://dl.acm.org/doi/pdf/10.1145/3650212.3680367

Reference38 articles.

1. No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions

2. ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing

3. Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation

4. Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction

5. Xingchen Chen, Baizhu Wang, Ze Jin, Yun Feng, Xianglong Li, Xincheng Feng, and Qixu Liu. 2023. Tabby: Automated Gadget Chain Detection for Java Deserialization Vulnerabilities. In 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, Porto, Portugal. 179–192.

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线，采集、加工和组织学术论文而形成的新型学术文献查询和分析系统，可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容，当前同舟云学术共收录了国内外主流学术期刊6万余种，收集的期刊论文及会议论文总量共计约1.5亿篇，并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询！咨询电话：010-8811{复制后删除}0370

www.globalauthorid.com

TOP