{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T16:43:21Z","timestamp":1725813801533},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319138404"},{"type":"electronic","value":"9783319138411"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-13841-1_20","type":"book-chapter","created":{"date-parts":[[2014,12,3]],"date-time":"2014-12-03T08:02:35Z","timestamp":1417593755000},"page":"358-377","source":"Crossref","is-referenced-by-count":4,"title":["Efficient Detection of Multi-step Cross-Site Scripting Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Alexandre","family":"Vernotte","sequence":"first","affiliation":[]},{"given":"Fr\u00e9d\u00e9ric","family":"Dadeau","sequence":"additional","affiliation":[]},{"given":"Franck","family":"Lebeau","sequence":"additional","affiliation":[]},{"given":"Bruno","family":"Legeard","sequence":"additional","affiliation":[]},{"given":"Fabien","family":"Peureux","sequence":"additional","affiliation":[]},{"given":"Fran\u00e7ois","family":"Piat","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"20_CR1","first-page":"147","volume-title":"Proc. of the USENIX Conference on Web Application Development (WebApps 2010)","author":"E. Athanasopoulos","year":"2010","unstructured":"Athanasopoulos, E., Pappas, V., Krithinakis, A., Ligouras, S., Markatos, E.P., Karagiannis, T.: xJS: practical XSS prevention for web application development. In: Proc. of the USENIX Conference on Web Application Development (WebApps 2010), pp. 147\u2013158. USENIX Association, Boston (2010)"},{"key":"20_CR2","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1109\/SP.2010.27","volume-title":"Proc. of the 31st Int. Symp. on Security and Privacy (SP 2010)","author":"J. Bau","year":"2010","unstructured":"Bau, J., Bursztein, E., Gupta, D., Mitchell, J.: State of the Art: Automated Black-Box Web Application Vulnerability Testing. In: Proc. of the 31st Int. Symp. on Security and Privacy (SP 2010), pp. 332\u2013345. IEEE CS, Oakland (2010)"},{"key":"20_CR3","unstructured":"Bernard, E., Bouquet, F., Charbonnier, A., Legeard, B., Peureux, F., Utting, M., Torreborre, E.: Model-based Testing from UML Models. In: Proc. of the Int. Workshop on Model-Based Testing (MBT 2006). LNI, vol.\u00a094, pp. 223\u2013230. GI, Dresden (2006)"},{"key":"20_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-540-70542-0_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"P. Bisht","year":"2008","unstructured":"Bisht, P., Venkatakrishnan, V.N.: XSS-GUARD: Precise dynamic prevention of cross-site scripting attacks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 23\u201343. Springer, Heidelberg (2008)"},{"key":"20_CR5","doi-asserted-by":"publisher","first-page":"471","DOI":"10.1109\/ICST.2013.65","volume-title":"6th Int. Conference on Software Testing, Verification and Validation (ICST 2013)","author":"A. Blome","year":"2013","unstructured":"Blome, A., Ochoa, M., Li, K., Peroli, M., Dashti, M.: Vera: A flexible model-based vulnerability testing tool. In: 6th Int. Conference on Software Testing, Verification and Validation (ICST 2013), pp. 471\u2013478. IEEE CS, Luxembourg (2013)"},{"key":"20_CR6","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1109\/ICST.2013.42","volume-title":"Proc. of the 6th Int. Conference on Software Testing, Verification and Validation (ICST 2013)","author":"J. Botella","year":"2013","unstructured":"Botella, J., Bouquet, F., Capuron, J.-F., Lebeau, F., Legeard, B., Schadle, F.: Model-Based Testing of Cryptographic Components \u2013 Lessons Learned from Experience. In: Proc. of the 6th Int. Conference on Software Testing, Verification and Validation (ICST 2013), pp. 192\u2013201. IEEE CS, Luxembourg (2013)"},{"key":"20_CR7","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1145\/1370042.1370052","volume-title":"Proc. of the 3rd Int. Workshop on Automation of Software Test (AST 2008)","author":"F. Bouquet","year":"2008","unstructured":"Bouquet, F., Grandpierre, C., Legeard, B., Peureux, F.: A test generation solution to automate software testing. In: Proc. of the 3rd Int. Workshop on Automation of Software Test (AST 2008), pp. 45\u201348. ACM Press, Leipzig (2008)"},{"key":"20_CR8","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1145\/1291535.1291545","volume-title":"Proc. of the 3rd Int. Workshop on Advances in Model-Based Testing (AMOST 2007)","author":"F. Bouquet","year":"2007","unstructured":"Bouquet, F., Grandpierre, C., Legeard, B., Peureux, F., Vacelet, N., Utting, M.: A subset of precise UML for model-based testing. In: Proc. of the 3rd Int. Workshop on Advances in Model-Based Testing (AMOST 2007), pp. 95\u2013104. ACM Press, London (2007)"},{"key":"20_CR9","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1109\/SERE.2012.38","volume-title":"6th Int. Conference on Software Security and Reliability (SERE 2012)","author":"M. Buchler","year":"2012","unstructured":"Buchler, M., Oudinet, J., Pretschner, A.: Semi-Automatic Security Testing of Web Applications from a Secure Model. In: 6th Int. Conference on Software Security and Reliability (SERE 2012), pp. 253\u2013262. IEEE, Gaithersburg (2012)"},{"key":"20_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-642-14215-4_7","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A. Doup\u00e9","year":"2010","unstructured":"Doup\u00e9, A., Cova, M., Vigna, G.: Why Johnny Can\u2019t Pentest: An Analysis of Black-Box Web Vulnerability Scanners. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol.\u00a06201, pp. 111\u2013131. Springer, Heidelberg (2010)"},{"key":"20_CR11","first-page":"523","volume-title":"Proc. of the 21st USENIX Conference on Security Symposium (Security 2012)","author":"A. Doup\u00e9","year":"2012","unstructured":"Doup\u00e9, A., Cavedon, L., Kruegel, C., Vigna, G.: Enemy of the State: A State-aware Black-box Web Vulnerability Scanner. In: Proc. of the 21st USENIX Conference on Security Symposium (Security 2012), pp. 523\u2013537. USENIX Association, Bellevue (2012)"},{"key":"20_CR12","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1145\/2508859.2516708","volume-title":"Proc. of the 20th ACM SIGSAC Conference on Computer and Cummunications Security (CCS 2013)","author":"A. Doup\u00e9","year":"2013","unstructured":"Doup\u00e9, A., Cui, W., Jakubowski, M.H., Peinado, M., Kruegel, C., Vigna, G.: deDacota: toward preventing server-side XSS via automatic code and data separation. In: Proc. of the 20th ACM SIGSAC Conference on Computer and Cummunications Security (CCS 2013), pp. 1205\u20131216. ACM, Berlin (2013)"},{"key":"20_CR13","doi-asserted-by":"publisher","first-page":"815","DOI":"10.1109\/ICST.2012.181","volume-title":"Proc. of the 5th Int. Conference on Software Testing, Verification and Validation (ICST 2012)","author":"F. Duchene","year":"2012","unstructured":"Duchene, F., Groz, R., Rawat, S., Richier, J.L.: XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing. In: Proc. of the 5th Int. Conference on Software Testing, Verification and Validation (ICST 2012), pp. 815\u2013817. IEEE CS, Montreal (2012)"},{"key":"20_CR14","first-page":"1","volume-title":"5th Int. Conference for Internet Technology and Secured Transactions (ICITST 2010)","author":"E.C. G\u00e1lan","year":"2010","unstructured":"G\u00e1lan, E.C., Alcaide, A., Orfila, A., Al\u00eds, J.B.: A multi-agent scanner to detect stored-XSS vulnerabilities. In: 5th Int. Conference for Internet Technology and Secured Transactions (ICITST 2010), pp. 1\u20136. IEEE, London (2010)"},{"key":"20_CR15","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1109\/ICSE.2009.5070521","volume-title":"31st Int. Conference on Software Engineering (ICSE 2009)","author":"A. Kie\u017cun","year":"2009","unstructured":"Kie\u017cun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.: Automatic creation of SQL injection and cross-site scripting attacks. In: 31st Int. Conference on Software Engineering (ICSE 2009), pp. 199\u2013209. IEEE, Vancouver (2009)"},{"issue":"7","key":"20_CR16","doi-asserted-by":"publisher","first-page":"592","DOI":"10.1016\/j.cose.2009.04.008","volume":"28","author":"E. Kirda","year":"2009","unstructured":"Kirda, E., Jovanovic, N., Kruegel, C., Vigna, G.: Client-side cross-site scripting protection. Computers & Security\u00a028(7), 592\u2013604 (2009)","journal-title":"Computers & Security"},{"key":"20_CR17","unstructured":"Korscheck, C.: Automatic Detection of Second-Order Cross Site Scripting Vulnerabilities. Diploma thesis, Wilhelm-Schickard-Institut f\u00fcr Informatik, Universit\u00e4t auf T\u00fcbingen (December 2010)"},{"key":"20_CR18","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1109\/ICST.2013.55","volume-title":"Proc. of the 6th Int. Conference on Software Testing, Verification and Validation (ICST 2013)","author":"B. Legeard","year":"2013","unstructured":"Legeard, B., Bouzy, A.: Smartesting CertifyIt: Model-Based Testing for Enterprise IT. In: Proc. of the 6th Int. Conference on Software Testing, Verification and Validation (ICST 2013), pp. 391\u2013397. IEEE CS, Luxembourg (2013)"},{"key":"20_CR19","unstructured":"Mahapatra, R.P., Saini, R., Saini, N.: A pattern based approach to secure web applications from XSS attacks. Int. Journal of Computer Technology and Electronics Engineering (IJCTEE) 2(3) (June 2012)"},{"key":"20_CR20","unstructured":"MITRE: Common weakness enumeration (October 2013), \n                      \n                        http:\/\/cwe.mitre.org\/\n                      \n                      \n                     (last visited: February 2014)"},{"key":"20_CR21","first-page":"1","volume-title":"Proc. of the Network and Distributed System Security Symposium (NDSS 2007)","author":"F. Nentwich","year":"2007","unstructured":"Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: Proc. of the Network and Distributed System Security Symposium (NDSS 2007), pp. 1\u201312. The Internet Society, San Diego (2007)"},{"issue":"1","key":"20_CR22","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A. Sabelfeld","year":"2006","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. Journal on Selected Areas in Communications Archive\u00a021(1), 5\u201319 (2006)","journal-title":"Journal on Selected Areas in Communications Archive"},{"issue":"5","key":"20_CR23","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1016\/j.infsof.2011.12.006","volume":"54","author":"L.K. Shar","year":"2012","unstructured":"Shar, L.K., Tan, H.B.K.: Automated removal of cross site scripting vulnerabilities in web applications. Information and Software Technology\u00a054(5), 467\u2013478 (2012)","journal-title":"Information and Software Technology"},{"issue":"10","key":"20_CR24","doi-asserted-by":"publisher","first-page":"1767","DOI":"10.1016\/j.infsof.2013.04.002","volume":"55","author":"L.K. Shar","year":"2013","unstructured":"Shar, L.K., Tan, H.B.K.: Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns. Information and Software Technology\u00a055(10), 1767\u20131780 (2013)","journal-title":"Information and Software Technology"},{"key":"20_CR25","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1109\/SERE.2012.23","volume-title":"Proc. of the 6th Int. Conference on Software Security and Reliability (SERE 2012)","author":"B. Smith","year":"2012","unstructured":"Smith, B., Williams, L.: On the Effective Use of Security Test Patterns. In: Proc. of the 6th Int. Conference on Software Security and Reliability (SERE 2012), pp. 108\u2013117. IEEE CS, Washington, DC (2012)"},{"key":"20_CR26","unstructured":"Vouffo Feudjio, A.G.: Initial Security Test Pattern Catalog. Public Deliverable D3.WP4.T1, Diamonds Project, Berlin, Germany (June 2012), \n                      \n                        http:\/\/publica.fraunhofer.de\/documents\/N-212439.html\n                      \n                      \n                     (last visited: February 2014)"},{"key":"20_CR27","first-page":"171","volume-title":"Proc. of the 30th Int. Conference on Software Engineering (ICSE 2008)","author":"G. Wassermann","year":"2008","unstructured":"Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: Proc. of the 30th Int. Conference on Software Engineering (ICSE 2008), pp. 171\u2013180. IEEE, Leipzig (2008)"},{"key":"20_CR28","unstructured":"Whitehat: Website security statistics report (October 2013), \n                      \n                        https:\/\/www.whitehatsec.com\/assets\/WPstatsReport_052013.pdf\n                      \n                      \n                     (last visited: February 2014)"},{"key":"20_CR29","unstructured":"Wichers, D.: Owasp top 10 (October 2013), \n                      \n                        https:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project\n                      \n                      \n                     (last visited: February 2014)"},{"key":"20_CR30","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/IWSESS.2009.5068456","volume-title":"5th Int. Workshop on Software Engineering for Secure Systems (SESS 2009)","author":"P. Wurzinger","year":"2009","unstructured":"Wurzinger, P., Platzer, C., Ludl, C., Kirda, E., Kruegel, C.: SWAP: mitigating XSS attacks using a reverse proxy. In: 5th Int. Workshop on Software Engineering for Secure Systems (SESS 2009), pp. 33\u201339. IEEE, Vancouver (2009)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-13841-1_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,28]],"date-time":"2019-05-28T18:54:20Z","timestamp":1559069660000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-13841-1_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319138404","9783319138411"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-13841-1_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}