PERTANIKA JOURNAL OF TROPICAL AGRICULTURAL SCIENCE

J

• Aksu, M. U., Bicakci, K., Dilek, M. H., Ozbayoglu, A. M., & Tatli, E. I. (2018). Automated generation of attack graphs using NVD. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (pp. 135-142). ACM Publishing. https://doi.org/10.1145/3176258.3176339

• Alazmi, S., & de Leon, D. C. (2022). A systematic literature review on the characteristics and effectiveness of web application vulnerability scanners. IEEE Access, 10, 33200-33219. https://doi.org/10.1109/ACCESS.2022.3161522

• Aliero, M. S., Ghani, I., Qureshi, K. N., & Rohani, M. F. (2020). An algorithm for detecting SQL injection vulnerability using black-box testing. Journal of Ambient Intelligence and Humanized Computing, 11, 249-266. https://doi.org/10.1007/s12652-019-01235-z

• Aliero, M. S., Qureshi, K. N., Pasha, M. F., Ghani, I., & Yauri, R. A. (2020). Systematic review analysis on SQLIA detection and prevention approaches. Wireless Personal Communications, 112, 2297-2333. https://doi.org/10.1007/s11277-020-07151-2

• Athanasopoulos, E., Pappas, V., Krithinakis, A., Ligouras, S., Markatos, E. P., & Karagiannis, T. (2010, June 23-24). xJS: Practical XSS prevention for web application development [Paper presentation]. USENIX Conference on Web Application Development, Boston, MA, USA.

• Bates, D., Barth, A., & Jackson, C. (2010). Regular expressions considered harmful in client-side XSS filters. In Proceedings of the 19th International Conference on World Wide Web - WWW ’10 (pp. 91-100). ACM Publishing. https://doi.org/10.1145/1772690.1772701

• Beck, A., & Rass, S. (2016). Using neural networks to aid CVSS risk aggregation - An empirically validated approach. Journal of Innovation in Digital Ecosystems, 3(2), 148-154. https://doi.org/10.1016/j.jides.2016.10.002

• Bisht, P., & Venkatakrishnan, V. N. (2008). XSS-GUARD: Precise dynamic prevention of cross-site scripting attacks. In D. Zamboni (Ed.), Detection of Intrusions and Malware, and Vulnerability Assessment (Vol. 5137, 23-43). Springer. https://doi.org/10.1007/978-3-540-70542-0_2

• Bozic, J., & Wotawa, F. (2013). XSS pattern for attack modeling in testing. In 2013 8th International Workshop on Automation of Software Test (AST) (pp. 71-74). IEEE Publishing. https://doi.org/10.1109/IWAST.2013.6595794

• Elbaz, C., Rilling, L., & Morin, C. (2020). Fighting N-day vulnerabilities with automated CVSS vector prediction at disclosure. In Proceedings of the 15th International Conference on Availability, Reliability and Security (pp. 1-10). ACM Publishing. https://doi.org/10.1145/3407023.3407038

• Figueroa-Lorenzo, S., Añorga, J., & Arrizabalaga, S. (2021). A survey of IIoT protocols: A measure of vulnerability risk analysis based on CVSS. ACM Computing Surveys, 53(2), 1-53. https://doi.org/10.1145/3381038

• Fogie, S., Grossman, J., Hansen, R., & Petkov, P. D. (2007). XSS Attacks: Cross Site Scripting Exploits and Defense (1st ed.). Syngres Media.

• Gallon, L., & Bascou, J. J. (2011a). Using CVSS in attack graphs. In 2011 Sixth International Conference on Availability, Reliability and Security (pp. 59-66). IEEE Publishing. https://doi.org/10.1109/ARES.2011.18

• Gallon, L., & Bascou, J. J. (2011b). Using CVSS in attack graphs. In 2011 Sixth International Conference on Availability, Reliability and Security (pp. 59-66). IEEE Publishing. https://doi.org/10.1109/ARES.2011.18

• Gupta, S., & Gupta, B. B. (2016). XSS-immune: A google chrome extension-based XSS defensive framework for contemporary platforms of web applications. Security and Communication Networks, 9(17), 3966-3986. https://doi.org/10.1002/sec.1579

• Gupta, S., & Gupta, B. B. (2017). Cross-site scripting (XSS) attacks and defense mechanisms: Classification and state-of-the-art. International Journal of System Assurance Engineering and Management, 8(Suppl 1), 512-530. https://doi.org/10.1007/s13198-015-0376-0

• Houmb, S. H., & Franqueira, V. N. L. (2009). Estimating ToE risk level using CVSS. In 2009 International Conference on Availability, Reliability and Security (pp. 718-725). IEEE Publishing. https://doi.org/10.1109/ARES.2009.151

• Houmb, S. H., Franqueira, V. N. L., & Engum, E. A. (2010a). Quantifying security risk level from CVSS estimates of frequency and impact. Journal of Systems and Software, 83(9), 1622-1634. https://doi.org/10.1016/j.jss.2009.08.023

• Houmb, S. H., Franqueira, V. N. L., & Engum, E. A. (2010b). Quantifying security risk level from CVSS estimates of frequency and impact. Journal of Systems and Software, 83(9), 1622-1634. https://doi.org/10.1016/j.jss.2009.08.023

• Kieyzun, A., Guo, P. J., Jayaraman, K., & Ernst, M. D. (2009). Automatic creation of SQL Injection and cross-site scripting attacks. In 2009 IEEE 31st International Conference on Software Engineering (pp. 199-209). IEEE Publishing. https://doi.org/10.1109/ICSE.2009.5070521

• Kindy, D. A., & Pathan, A.-S. K. (2011). A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques. In 2011 IEEE 15th International Symposium on Consumer Electronics (ISCE) (pp. 468-471). IEEE Publishing. https://doi.org/10.1109/ISCE.2011.5973873

• Kouns, J. (2008). Open source vulnerability database project. TIM Review. https://timreview.ca/article/155

• Le, T. H. M., Hin, D., Croft, R., & Babar, M. A. (2021). DeepCVA: Automated commit-level vulnerability assessment with deep multi-task learning. In 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE) (pp. 717-729). IEEE Publishing. https://doi.org/10.1109/ASE51524.2021.9678622

• Pelizzi, R., & Sekar, R. (2012). Protection, usability and improvements in reflected XSS filters. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security - ASIACCS ’12 (pp. 1-5). ACM Publishing. https://doi.org/10.1145/2414456.2414458

• Pramod, A., Ghosh, A., Mohan, A., Shrivastava, M., & Shettar, R. (2015). SQLI detection system for a safer web application. In 2015 IEEE International Advance Computing Conference (IACC) (pp. 237-240). IEEE Publishing. https://doi.org/10.1109/IADCC.2015.7154705

• Radack, S., & Kuhn, R. (2011). Managing security: The security content automation protocol. IT Professional, 13(1), 9-11. https://doi.org/10.1109/MITP.2011.11

• Rao, K. S., Jain, N., Limaje, N., Gupta, A., Jain, M., & Menezes, B. (2016). Two for the price of one: A combined browser defense against XSS and clickjacking. In 2016 International Conference on Computing, Networking and Communications (ICNC) (pp. 1-6). IEEE Publishing. https://doi.org/10.1109/ICCNC.2016.7440629

• Sadeghian, A., Zamani, M., & Manaf, A. A. (2013). A taxonomy of SQL injection detection and prevention techniques. In 2013 International Conference on Informatics and Creative Multimedia (pp. 53-56). IEEE Publishing. https://doi.org/10.1109/ICICM.2013.18

• Sarmah, U., Bhattacharyya, D. K., & Kalita, J. K. (2018). A survey of detection methods for XSS attacks. Journal of Network and Computer Applications, 118, 113-143. https://doi.org/10.1016/j.jnca.2018.06.004

• Scarfone, K., & Mell, P. (2009). An analysis of CVSS version 2 vulnerability scoring. In 2009 3rd International Symposium on Empirical Software Engineering and Measurement (pp. 516-525). IEEE Publishing. https://doi.org/10.1109/ESEM.2009.5314220

• Singh, A. K., & Roy, S. (2012). A network based vulnerability scanner for detecting SQLI attacks in web applications. In 2012 1st International Conference on Recent Advances in Information Technology (RAIT) (pp. 585-590). IEEE Publishing. https://doi.org/10.1109/RAIT.2012.6194594

• Voeller, J. G. (2008). Wiley Handbook of Science and Technology for Homeland Security. John Wiley & Sons, Inc. https://doi.org/10.1002/9780470087923

• Wang, C. H., & Zhou, Y. S. (2016). A new cross-site scripting detection mechanism integrated with HTML5 and CORS properties by using browser extensions. In 2016 International Computer Symposium (ICS) (pp. 264-269). IEEE Publishing. https://doi.org/10.1109/ICS.2016.0060