[1] میترا علیدوستی و علیرضا نوروزی، «روش آزمون امنیتی پویای لایه کسب و کار برنامه کاربردی وب برای شناسایی آسیب پذیری برنامه کاربردی وب در برابر حملات منع خدمت سیلابی،» کنفرانس بین المللی انجمن رمز ایران، چهارده، 1-7، دانشگاه شیراز، 96
[2] ITRC, Identity Theft Resource Center Breach Report Hits Record High in 2015, 2015, http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html.
[3] G. Pellegrino and D. Balzarotti. "Toward black-box detection of logic flaws in web applications," Network and Distributed System Security Symposium, pp.23-26, February 2014.
[4] D. Balzarotti, M. Cova, V. V. Felmetsger and G. Vigna, "Multi-module vulnerability analysis of web-based applications," Computer and communications security, 2007.
[5] A. Doupé, B. Boe, C. Kruegel and G. Vigna, "Fear the ear: discovering and mitigating execution after redirect vulnerabilities," Computer and communications security, pp.251–262, 2011.
[6] L. Cavedon, G. Vigna, V. Felmetsger, L. Cavedon and C. Kruegel, "Toward automated detection of logic vulnerabilities in web applications," USENIX Security Symposium, pp.143–160, 2010.
[7] A. Wang, A. Mohaisen, W. Chang and S. Chen, "Capturing DDoS attack dynamics behind the scenes," Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 205–215, 2015.
[8] D. Holmes, The F5 DDoS Protection Reference, 2013, https://f5.com/Portals/1/Cache/Pdfs/2421/mitigating-ddos-attacks-with-f5-technology-.pdf.
[9] E. Chai, Business Logic Attacks – Bots and BATs, 2009, https://www.owasp.org/images/6/6a/BNL09_OWASP_Benelux_2009,_Business_Logic_Attacks_-_v2.pptx.
[10] Web Application Security Consortium, WASC threat classification, 2010, http://projects.webappsec.org/w/page/13246978/Threat Classification.
[11] X. Li and Y. Xue, "BLOCK: a black-box approach for detection of state violation attacks towards web applications," Annual Computer Security Applications, pp.247–256, 2011.
[12] M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna, "Swaddler: an approach for the anomaly-based detection ofstate violations in web applications,"Recent Advances in Intrusion Detection, pp.63–86, 2007.
[13] X. Li, W. Yan, and Y. Xue, “SENTINEL: securing database from logic flaws in web applications,” Data and Application Security and Privacy, pp. 25–36, 2012.
[14] محیا ارومیه و نگین دانشپور، «مدلی سه لایه در طراحی سطح منطقی پایگاه داده تحلیلی،» مجله مهندسی برق دانشگاه تبریز، جلد 47، شماره 2، صفحات 371-380، 1396.
[15] سیامک عبدالهزاده، محمدلی بالافر و لیلی محمدخانلی، «استفاده از خوشهبندی و مدل مارکوف جهت پیشبینی درخواست آتی کاربر در وب،» مجله مهندسی برق دانشگاه تبریز، جلد 45، شماره 3، صفحات 89-96، 1394.
[16] A. Doupé, L. Cavedon, C. Kruegel and G. Vigna, "Enemy of the state: a state-aware black-box web vulnerability scanner,"USENIX Security Symposium, vol.15, no.2, pp.173-180, 2013.
[17] S. Ranjan, "DDoS-Resilient scheduling to counter application layer attacks under imperfect detection," Communications Society, 2006.
[18] C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill and D. R. Engler, "EXE: automatically generating inputs of death," Information and System Security, vol.12, no.2, pp. 10-24, 2008.
[19] R. Chang, G. Jiang, F. Ivančić, S. Sankaranarayanan, and V. Shmatikov. "Inputs of coma: Static detection of denial-of-service vulnerabilities," Computer Security Foundations Symposium, pp.186–199,2009.
[20] A. Gupta, T. A. Henzinger, R. Majumdar, A. Rybalchenko, and R.-G. Xu, "Proving non-termination,"ACM Sigplan Notices, vol.43, no.1, pp.147-158, 2008.
[21] J. Burnim, N. Jalbert, C. Stergiou, and K. Sen, "Looper: lightweight detection of infinite loops at runtime," Automated Software Engineering, pp.161-169, 2009.
[22] J. Burnim, S. Juvekar, and K. Sen, "WISE: automated test generation for worst-case complexity Software Engineering, pp.463–473, 2009.
[23] O. Olivo, I. Dillig, and C. Lin, "Detecting and exploiting second order denial-of-service vulnerabilities in web applications," Computer and Communications Security, pp. 616–628, 2015.
[24] S. Son and V. Shmatikov, "SAFERPHP: finding semantic vulnerabilities in PHP applications," Programming Languages and Analysis for Security, 2011,
[25] X. Li, and Y. Xue, "A survey on server-side approaches to securing web applications," Computing Surveys, vol 46, no.4, 2014.
[26] G. Stergiopoulos, B. Tsoumas, and D. Gritzalis, "On business logic vulnerabilities hunting: the APP_LogGIC framework," Network and System Security, pp. 236–249, 2013.
[27] OWASP, Business Logic Security Cheat Sheet, https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet.
[28] P. K. Ray, Integrated Management from E-business Perspective: Concepts, Architectures and Methodologies, Springer Science & Business Media, 2012.
[29] A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic concepts and taxonomy of dependable and secure computing," dependable and secure computing, vol. 1, no.1, pp.11-33, 2004.
[30] William Stallings, Computer Data and Computer Communications Eighth Edition, Prentice Hall, 2011.
[31] S. T. Zargar, J. Joshi, and D. Tipper, "A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks," Communications Surveys and Tutorials, vol.15, no.4, pp.2046-2069, 2013.