Securing the tangled web

C Kern - Communications of the ACM, 2014 - dl.acm.org
… In our experience in Google’s security team, code inspection and testing do not ensure,
to a reasonably high degree of confidence, the absence of XSS bugs in large Web
applications. Of course, both inspection and testing provide tremendous value and will
typically find some bugs in an application (perhaps even most of the bugs), but it is difficult
to be sure whether or not they discovered all the bugs (or even almost all of them). …
Christoph Kern ([email protected]) is an information security engineer at Google. His …
Preventing script injection vulnerabilities through software design.