Nenad Jovanovic
Researcher at University of Vienna
Publications - 12
Citations - 2862
Nenad Jovanovic is an academic researcher from University of Vienna. The author has contributed to research in topics: Web application & Cross-site scripting. The author has an h-index of 9, co-authored 9 publications receiving 2727 citations. Previous affiliations of Nenad Jovanovic include Vienna University of Technology.
Papers
Proceedings ArticleDOI
Pixy: a static analysis tool for detecting Web application vulnerabilities
TL;DR: This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection.
Proceedings Article
Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.
TL;DR: The solution presented in this paper stops XSS attacks on the client side by tracking the flow of sensitive information inside the web browser. If sensitive information is about to be transferred to a third party, the user can decide whether this should be permitted.
Proceedings ArticleDOI
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
Davide Balzarotti, Marco Cova, Viktoria Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
TL;DR: This paper combines static and dynamic analysis techniques to identify faulty sanitization procedures that can be bypassed by an attacker, and is able to identify several novel vulnerabilities that stem from erroneous sanitization procedures.
Proceedings ArticleDOI
Noxes: a client-side solution for mitigating cross-site scripting attacks
TL;DR: Noxes is presented, which is, to the best of the authors' knowledge, the first client-side solution to mitigate cross-site scripting attacks. It effectively protects against information leakage from the user's environment while requiring minimal user interaction and customization effort.
Proceedings ArticleDOI
SecuBat: a web vulnerability scanner
TL;DR: SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.