{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:05:58Z","timestamp":1775815558550,"version":"3.50.1"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030884178","type":"print"},{"value":"9783030884185","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-88418-5_8","type":"book-chapter","created":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T21:04:30Z","timestamp":1632949470000},"page":"152-172","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["webFuzz: Grey-Box Fuzzing for Web Applications"],"prefix":"10.1007","author":[{"given":"Orpheas","family":"van Rooij","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marcos 
Antonios","family":"Charalambous","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Demetris","family":"Kaizer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michalis","family":"Papaevripides","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elias","family":"Athanasopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,9,30]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal, H.: Dominators, super blocks, and program coverage. In: Proceedings of the 21st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 25\u201334 (1994)","DOI":"10.1145\/174675.175935"},{"key":"8_CR2","unstructured":"Aho, A., Lam, M., Ullman, J., Sethi, R.: Compilers: Principles, Techniques, and Tools. Pearson Education (2011). https:\/\/books.google.com.cy\/books?id=NTIrAAAAQBAJ"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"Alhuzali, A., Eshete, B., Gjomemo, R., Venkatakrishnan, V.: Chainsaw: chained automated workflow-based exploit generation. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 641\u2013652 (2016)","DOI":"10.1145\/2976749.2978380"},{"key":"8_CR4","unstructured":"Alhuzali, A., Gjomemo, R., Eshete, B., Venkatakrishnan, V.: NAVEX: precise and scalable exploit generation for dynamic web applications. In: 27th USENIX Security Symposium (2018)"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"Ammann, P., Offutt, J.: Introduction to Software Testing. Cambridge University Press, Cambridge (2016)","DOI":"10.1017\/9781316771273"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Artzi, S., et al.: Finding bugs in web applications using dynamic test generation and explicit-state model checking. 
IEEE Trans. Softw. Eng. 36, 474\u2013494 (2010)","DOI":"10.1109\/TSE.2010.31"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Backes, M., Rieck, K., Skoruppa, M., Stock, B., Yamaguchi, F.: Efficient and flexible discovery of PHP application vulnerabilities. In: 2017 IEEE European Symposium on Security And Privacy (EuroS&P), pp. 334\u2013349. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.14"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., et al.: Saner: composing static and dynamic analysis to validate sanitization in web applications. In: 2008 IEEE Symposium on Security and Privacy (SP 2008) (2008)","DOI":"10.1109\/SP.2008.22"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Bau, J., Bursztein, E., Gupta, D., Mitchell, J.: State of the art: automated black-box web application vulnerability testing. In: 2010 IEEE Symposium on Security and Privacy (2010)","DOI":"10.1109\/SP.2010.27"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Ben Khadra, M.A., Stoffel, D., Kunz, W.: Efficient binary-level coverage analysis. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1153\u20131164 (2020)","DOI":"10.1145\/3368089.3409694"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Black, P.E., Black, P.E.: Juliet 1.3 test suite: changes from 1.2. US Department of Commerce, National Institute of Standards and Technology (2018)","DOI":"10.6028\/NIST.TN.1995"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"B\u00f6hme, M., Pham, V.T., Nguyen, M.D., Roychoudhury, A.: Directed greybox fuzzing. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2329\u20132344 (2017)","DOI":"10.1145\/3133956.3134020"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Cornelius Aschermann et al.: REDQUEEN: fuzzing with input-to-state correspondence. In: NDSS, vol. 
19, pp. 1\u201315 (2019)","DOI":"10.14722\/ndss.2019.23371"},{"key":"8_CR14","unstructured":"Corporation, T.M.: Common vulnerabilities and exposures (CVE) (2020). https:\/\/cve.mitre.org\/"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., et al.: LAVA: large-scale automated vulnerability addition. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE (2016)","DOI":"10.1109\/SP.2016.15"},{"key":"8_CR16","unstructured":"Doup\u00e9, A., Cavedon, L., Kruegel, C., Vigna, G.: Enemy of the state: a state-aware black-box web vulnerability scanner. In: 21st USENIX Security Symposium (USENIX Security 12), Bellevue, WA, pp. 523\u2013538. USENIX Association, August 2012. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/doupe"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-642-14215-4_7","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Doup\u00e9","year":"2010","unstructured":"Doup\u00e9, A., Cova, M., Vigna, G.: Why Johnny can\u2019t pentest: an analysis of black-box web vulnerability scanners. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 111\u2013131. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14215-4_7"},{"key":"8_CR18","doi-asserted-by":"publisher","unstructured":"Duchene, F., Rawat, S., Richier, J.L., Groz, R.: KameleonFuzz: evolutionary fuzzing for black-box XSS detection. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014, New York, NY, USA, pp. 37\u201348. Association for Computing Machinery (2014). https:\/\/doi.org\/10.1145\/2557547.2557550","DOI":"10.1145\/2557547.2557550"},{"key":"8_CR19","unstructured":"Germ\u00e1n M\u00e9ndez Bravoi, A.H.: esprima-python (2017). 
https:\/\/github.com\/Kronuz\/esprima-python"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Ghaleb, A., Pattabiraman, K.: How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. arXiv preprint arXiv:2005.11613 (2020)","DOI":"10.1145\/3406883"},{"key":"8_CR21","doi-asserted-by":"publisher","unstructured":"Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2005, New York, NY, USA, pp. 213\u2013223. Association for Computing Machinery (2005). https:\/\/doi.org\/10.1145\/1065010.1065036","DOI":"10.1145\/1065010.1065036"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Godefroid, P., Levin, M.Y., Molnar, D.: SAGE: whitebox fuzzing for security testing. Queue (2012)","DOI":"10.1145\/2090147.2094081"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Householder, A.D., Foote, J.M.: Probability-based parameter selection for black-box fuzz testing, Technical report. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst. (2012)","DOI":"10.21236\/ADA610472"},{"key":"8_CR24","unstructured":"James Graham, S.S.: html5lib-python (2007). https:\/\/github.com\/html5lib\/html5lib-python"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting web application vulnerabilities. In: 2006 IEEE Symposium on Security and Privacy (S&P 2006), pp. 6-pp. IEEE (2006)","DOI":"10.1109\/SP.2006.29"},{"key":"8_CR26","doi-asserted-by":"publisher","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Precise alias analysis for static detection of web application vulnerabilities. In: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, PLAS 2006, New York, NY, USA, pp. 27\u201336. Association for Computing Machinery (2006). 
https:\/\/doi.org\/10.1145\/1134744.1134751","DOI":"10.1145\/1134744.1134751"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Kieyzun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.: Automatic creation of SQL injection and cross-site scripting attacks. In: 2009 IEEE 31st International Conference on Software Engineering, pp. 199\u2013209 (2009)","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"8_CR28","doi-asserted-by":"publisher","unstructured":"Klees, G., Ruef, A., Cooper, B., Wei, S., Hicks, M.: Evaluating fuzz testing. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, New York, NY, USA, pp. 2123\u20132138. Association for Computing Machinery (2018). https:\/\/doi.org\/10.1145\/3243734.3243804","DOI":"10.1145\/3243734.3243804"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Medeiros, I., Neves, N., Correia, M.: DEKANT: a static analysis tool that learns to detect web application vulnerabilities. In: Proceedings of the 25th International Symposium on Software Testing and Analysis, pp. 1\u201311 (2016)","DOI":"10.1145\/2931037.2931041"},{"key":"8_CR30","doi-asserted-by":"publisher","unstructured":"Medeiros, I., Neves, N.F., Correia, M.: Automatic detection and correction of web application vulnerabilities using data mining to predict false positives. In: Proceedings of the 23rd International Conference on World Wide Web, WWW 2014, pp. 63\u201374, New York, NY, USA. Association for Computing Machinery (2014). https:\/\/doi.org\/10.1145\/2566486.2568024","DOI":"10.1145\/2566486.2568024"},{"key":"8_CR31","unstructured":"Mendez, X.: Wfuzz - the web fuzzer (2011). https:\/\/github.com\/xmendez\/wfuzz"},{"key":"8_CR32","unstructured":"Mu, D., Cuevas, A., Yang, L., Hu, H., Xing, X., Mao, B., Wang, G.: Understanding the reproducibility of crowd-reported security vulnerabilities. In: 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD. pp. 919\u2013936. USENIX Association, August 2018. 
https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/mu"},{"key":"8_CR33","unstructured":"Nilson, G., Wills, K., Stuckman, J., Purtilo, J.: BugBox: a vulnerability corpus for PHP web applications. In: 6th Workshop on Cyber Security Experimentation and Test (CSET 13). USENIX Association, Washington, D.C., August 2013. https:\/\/www.usenix.org\/conference\/cset13\/workshop-program\/presentation\/nilson"},{"key":"8_CR34","doi-asserted-by":"publisher","unstructured":"Pewny, J., Holz, T.: EvilCoder: automated bug insertion. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, New York, NY, USA, pp. 214\u2013225. Association for Computing Machinery (2016). https:\/\/doi.org\/10.1145\/2991079.2991103","DOI":"10.1145\/2991079.2991103"},{"key":"8_CR35","doi-asserted-by":"crossref","unstructured":"Pham, V.T., B\u00f6hme, M., Santosa, A.E., Caciulescu, A.R., Roychoudhury, A.: Smart greybox fuzzing. IEEE Trans. Softw. Eng. (2019)","DOI":"10.1109\/TSE.2019.2941681"},{"key":"8_CR36","unstructured":"Popov, N.: PHP parser. https:\/\/github.com\/nikic\/PHP-Parser"},{"key":"8_CR37","doi-asserted-by":"crossref","unstructured":"Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H.: VUzzer: application-aware evolutionary fuzzing. In: NDSS, vol. 17, pp. 1\u201314 (2017)","DOI":"10.14722\/ndss.2017.23404"},{"key":"8_CR38","doi-asserted-by":"publisher","unstructured":"Rizzo, L., Landi, M.: Netmap: Memory mapped access to network devices. SIGCOMM Comput. Commun. Rev. 41(4), 422\u2013423 (2011). https:\/\/doi.org\/10.1145\/2043164.2018500","DOI":"10.1145\/2043164.2018500"},{"key":"8_CR39","unstructured":"Seal, S.M.: Optimizing web application fuzzing with genetic algorithms and language Theory. Master\u2019s thesis, Wake Forest University (2016)"},{"key":"8_CR40","unstructured":"Serebryany, K.: Libfuzzer-a library for coverage-guided fuzz testing (2015). 
https:\/\/llvm.org\/docs\/LibFuzzer.html"},{"key":"8_CR41","doi-asserted-by":"crossref","unstructured":"Sparks, S., Embleton, S., Cunningham, R., Zou, C.: Automated vulnerability analysis: leveraging control flow for evolutionary input crafting. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 477\u2013486 (2007)","DOI":"10.1109\/ACSAC.2007.4413013"},{"key":"8_CR42","doi-asserted-by":"crossref","unstructured":"Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: NDSS, vol. 16, pp. 1\u201316 (2016)","DOI":"10.14722\/ndss.2016.23368"},{"issue":"4","key":"8_CR43","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1145\/566171.566186","volume":"27","author":"MM Tikir","year":"2002","unstructured":"Tikir, M.M., Hollingsworth, J.K.: Efficient instrumentation for code coverage testing. ACM SIGSOFT Softw. Eng. Notes 27(4), 86\u201396 (2002)","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"8_CR44","doi-asserted-by":"crossref","unstructured":"Wang, Y., et al.: Not all coverage measurements are equal: fuzzing by coverage accounting for input prioritization. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24422"},{"key":"8_CR45","doi-asserted-by":"crossref","unstructured":"Woo, M., Cha, S.K., Gottlieb, S., Brumley, D.: Scheduling black-box mutational fuzzing. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 511\u2013522 (2013)","DOI":"10.1145\/2508859.2516736"},{"key":"8_CR46","unstructured":"Zalewski, M.: Binary fuzzing strategies: what works, what doesn\u2019t, August 2014. https:\/\/lcamtuf.blogspot.com\/2014\/08\/binary-fuzzing-strategies-what-works.html"},{"key":"8_CR47","unstructured":"Zalewski, M.: More about AFL - AFL 2.53b documentation (2019). 
https:\/\/afl-1.readthedocs.io\/en\/latest\/about_afl.html"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-88418-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T21:10:39Z","timestamp":1632949839000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-88418-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030884178","9783030884185"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-88418-5_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"30 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Darmstadt","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2021","order":7,"name":"conference_start_date","label":"Conference 
Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2021.athene-center.de\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"351","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then 
rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.07","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6.06","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}