[1] LEENHEER N. How well does your browser support HTML5[EB/OL].
[2] KUPPAN L. Attacking with HTML5[EB/OL].
[3] ZALEWSKI M. Geolocation spoofing and other UI woes[EB/OL].
[4] SON S, SHMATIKOV V. The postman always rings twice: attacking and defending postMessage in HTML5 Websites[C]// NDSS. 2013.
[5] WANG X Q. Research of CSRF attack and defense techniques based on HTML5[D]. Chengdu: University of Electronic Science and Technology of China, 2013.
[6] KULSHRESTHA A. An empirical study of HTML5 websockets and their cross browser behavior for mixed content and untrusted certificates[J]. International Journal of Computer Applications, 2013, 82(6): 13-18.
[7] JIN X, HU X, YING K, et al. Code injection attacks on HTML5-based mobile apps: characterization, detection and mitigation[C]// ACM SIGSAC Conference on Computer & Communications Security. 2014: 66-77.
[8] GILGER J. Persistent AppCache injections[EB/OL].
[9] JIA Y, CHEN Y, DONG X. Man-in-the-browser-cache: persisting HTTPS attacks via browser cache poisoning[J]. Computers & Security, 2015: 62-80.
[10] HANNA S, CHUL E, SHIN R, et al. The Emperor's new APIs: on the (in)secure usage of new client-side primitives[J]. W2sp Web Security & Privacy, 2010.
[11] LI X Y, ZHANG Y Q, LIU Q X, et al. Secure cross document messaging scheme based on HTML5[J]. Journal of Graduate University of Chinese Academy of Sciences, 2013, 30(1): 124-130.
[12] TIAN Y, LIU Y C, BHOSALE A, et al. All your screens are belong to us: attacks exploiting the HTML5 screen sharing API[C]// Proceedings of the 2014 IEEE Symposium on Security and Privacy, IEEE Computer Society. 2014: 34-48.
[13] HEIDERICH M, FROSCH T, JENSEN M, et al. Crouching tiger hidden payload: security risks of scalable vectors graphics[C]// Proceedings of the 18th ACM Conference on Computer and Communications Security. 2011: 239-250.
[14] JOHNS M, LEKIES S, STOCK B. Eradicating DNS rebinding with the extended same-origin policy[C]// USENIX Conference on Security. 2013: 621-636.
[15] LEE S, KIM H, KIM J. Identifying cross-origin resource status using application cache[C]// Proc NDSS ’15. 2015.
[16] HOMAKOV E. Using AppCache and service worker for evil[EB/OL].
[17] W3C. Offline Web applications-HTML5[EB/OL].
[18] VALLENTIN M, BEN-DAVID Y. Persistent browser cache poisoning[R/OL].
[19] WALIULLAH M, GAN D. Wireless LAN security threats & vulnerabilities: a literature review[J]. International Journal of Advanced Computer Science & Application, 2014, 5(1): 176-181.
[20] LAVA. Shell of the future: reverse web shell handler for XSS exploitation[EB/OL].
[21] LAVA. HTML5 based JavaScript network reconnaissance tool[EB/OL].
[22] MARLINSPIKE M. A tool for exploiting Moxie Marlinspike's SSL "stripping" attack[EB/OL].
[23] Internet Engineering Task Force. HTTP strict transport security (HSTS)[S/OL].