Prithvi Bisht
Researcher at University of Illinois at Chicago
Publications - 16
Citations - 824
Prithvi Bisht is an academic researcher from University of Illinois at Chicago. The author has contributed to research in topics: Web application & SQL injection. The author has an h-index of 10, co-authored 16 publications receiving 789 citations.
Papers
Book Chapter (DOI)
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
TL;DR: This paper proposes XSS-GUARD, a new server-side framework for preventing XSS attacks; it works by dynamically learning the set of scripts that a web application intends to create for any HTML request.
Journal Article (DOI)
CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks
TL;DR: This paper presents a novel and powerful scheme for automatically transforming web applications to render them safe against all SQL injection attacks, together with a simple and novel mechanism, called CANDID, for mining programmer-intended queries by dynamically evaluating runs over benign candidate inputs.
Proceedings Article (DOI)
CANDID: preventing sql injection attacks using dynamic candidate evaluations
TL;DR: This work exhibits a novel and powerful scheme for automatically transforming web applications to render them safe against all SQL injection attacks, and proposes a simple and novel mechanism, called CANDID, for mining programmer-intended queries by dynamically evaluating runs over benign candidate inputs.
Proceedings Article (DOI)
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
TL;DR: This paper presents a novel approach for automatically detecting potential server-side parameter tampering vulnerabilities in existing (legacy) web applications through blackbox analysis, and discusses the design and implementation of NoTamper, a tool that realizes this approach.
Proceedings Article (DOI)
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
TL;DR: This paper describes WAPTEC, a tool designed to automatically identify parameter tampering vulnerabilities and to generate exploits by construction that demonstrate those vulnerabilities.