{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T02:34:21Z","timestamp":1769913261251,"version":"3.49.0"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319085920","type":"print"},{"value":"9783319085937","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-08593-7_8","type":"book-chapter","created":{"date-parts":[[2014,6,23]],"date-time":"2014-06-23T08:55:19Z","timestamp":1403513719000},"page":"110-126","source":"Crossref","is-referenced-by-count":37,"title":["Large-Scale Security Analysis of the Web: Challenges and Findings"],"prefix":"10.1007","author":[{"given":"Tom","family":"van Goethem","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ping","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nick","family":"Nikiforakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lieven","family":"Desmet","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","unstructured":"Bing Search API, \n                    \n                      http:\/\/datamarket.azure.com\/dataset\/bing\/search"},{"key":"8_CR2","unstructured":"Common Vulnerability Scoring System (CVSS), \n                    \n                      http:\/\/www.first.org\/cvss"},{"key":"8_CR3","unstructured":"Common Weakness Scoring System (CWSS), \n                    \n                      https:\/\/cwe.mitre.org\/cwss\/"},{"key":"8_CR4","unstructured":"OWASP Top Ten Project, \n                    \n                      https:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project"},{"key":"8_CR5","unstructured":"Phantomjs: Headless webkit with javascript api, \n                    \n                      https:\/\/www.phantomjs.org\/"},{"key":"8_CR6","unstructured":"SSL Pulse, \n                    \n                      https:\/\/www.trustworthyinternet.org\/ssl-pulse\/"},{"key":"8_CR7","unstructured":"sslyze, \n                    \n                      https:\/\/github.com\/iSECPartners\/sslyze"},{"key":"8_CR8","unstructured":"Alarifi, A., Alsaleh, M., Al-Salman, A.: Security analysis of top visited arabic web sites. In: 2013 15th International Conference on Advanced Communication Technology (ICACT), pp. 173\u2013178. IEEE (2013)"},{"key":"8_CR9","unstructured":"Balduzzi, M., Gimenez, C.T., Balzarotti, D., Kirda, E.: Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications. In: 18th Annual Network and Distributed System Security Symposium, San Diego, USA (2011)"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Barth, A.: HTTP state management mechanism. IETF RFC (2011)","DOI":"10.17487\/rfc6265"},{"key":"8_CR11","first-page":"75","volume-title":"Proceedings of the 15th ACM conference on Computer and communications security, CCS 2008","author":"A. Barth","year":"2008","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM conference on Computer and communications security, CCS 2008, pp. 75\u201388. ACM, New York (2008)"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Canali, D., Balzarotti, D., Francillon, A.: The role of web hosting providers in detecting compromised websites. In: Proceedings of the 22nd International Conference on World Wide Web, WWW 2013, pp. 177\u2013188 (2013)","DOI":"10.1145\/2488388.2488405"},{"key":"8_CR13","unstructured":"Chen, P., Nikiforakis, N., Huygens, C., Desmet, L.: A Dangerous Mix: Large-scale analysis of mixed-content websites. In: Proceedings of the 16th Information Security Conference, ISC 2013, Dallas, USA (2013)"},{"key":"8_CR14","unstructured":"Thai Duong and Juliano Rizzo. Here Come The \u2295 Ninjas (2011)"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Hodges, J., Jackson, C., Barth, A.: HTTP strict transport security (HSTS). IETF RFC (2012)","DOI":"10.17487\/rfc6797"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: Secubat: a web vulnerability scanner. In: Proceedings of the 15th International Conference on World Wide Web, pp. 247\u2013256. ACM (2006)","DOI":"10.1145\/1135777.1135817"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Lekies, S., Stock, B., Johns, M.: 25 million flows later: large-scale detection of dom-based xss. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1193\u20131204. ACM (2013)","DOI":"10.1145\/2508859.2516703"},{"key":"8_CR18","unstructured":"Lundeen, R., Ou, J., Rhodes, T.: New ways i\u2019m going to hack your web app. (2011)"},{"key":"8_CR19","unstructured":"Marlinspike, M.: New tricks for defeating ssl in practice. Blackhat (2009)"},{"key":"8_CR20","unstructured":"Microsoft: IE8 Security Part IV: The XSS Filter (2008)"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Acker, S.V., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You are what you include: large-scale evaluation of remote javascript inclusions. In: Proceedings of the 2012 ACM Conference on Computer and Communications security, CCS 2012, pp. 736\u2013747. ACM, New York (2012)","DOI":"10.1145\/2382196.2382274"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Younan, Y., Joosen, W.: HProxy: Client-side detection of SSL stripping attacks. In: Proceedings of the 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2010 (2010)","DOI":"10.1007\/978-3-642-14215-4_12"},{"key":"8_CR23","unstructured":"Rizzo, J., Duong, T.: Crime: Compression ratio info-leak made easy. In: Ekoparty Security Conference (2012)"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Ross, D., Gondrom, T.: HTTP Header X-Frame-Options. IETF RFC (2013)","DOI":"10.17487\/rfc7034"},{"key":"8_CR25","unstructured":"Sellers, D.: ASP.NET 2.0 and the new HTTP-only property. MSDN Blogs (March 2006)"},{"key":"8_CR26","unstructured":"Son, S., Shmatikov, V.: The postman always rings twice: Attacking and defending postmessage in html5 websites"},{"key":"8_CR27","doi-asserted-by":"publisher","first-page":"921","DOI":"10.1145\/1772690.1772784","volume-title":"Proceedings of the 19th International Conference on World Wide Web, WWW 2010","author":"S. Stamm","year":"2010","unstructured":"Stamm, S., Sterne, B., Markham, G.: Reining in the web with content security policy. In: Proceedings of the 19th International Conference on World Wide Web, WWW 2010, pp. 921\u2013930. ACM, New York (2010)"},{"key":"8_CR28","unstructured":"Sterne, B., Barth, A.: Content Security Policy 1.0. W3C Candidate Recommendation (2012)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Vasek, M., Moore, T.: Identifying Risk Factors for Webserver Compromise. In: Proceedings of the Eighteenth International Conference on Financial Cryptography and Data Security, FC 2014 (2014)","DOI":"10.1007\/978-3-662-45472-5_22"},{"key":"8_CR30","unstructured":"West, M.: Play safely in sandboxed iframes (2013)"},{"key":"8_CR31","unstructured":"WhiteHat. Website Security Statistics Report, \n                    \n                      https:\/\/www.whitehatsec.com\/resource\/stats.html"},{"key":"8_CR32","unstructured":"Zeller, W., Felten, E.W.: Cross-site request forgeries: Exploitation and prevention. The New York Times, 1\u201313 (2008)"}],"container-title":["Lecture Notes in Computer Science","Trust and Trustworthy Computing"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-08593-7_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T23:46:05Z","timestamp":1558914365000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-08593-7_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319085920","9783319085937"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-08593-7_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}