{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T18:26:49Z","timestamp":1773772009898,"version":"3.50.1"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319474427","type":"print"},{"value":"9783319474434","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-47443-4_5","type":"book-chapter","created":{"date-parts":[[2016,10,3]],"date-time":"2016-10-03T15:10:12Z","timestamp":1475507412000},"page":"70-85","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing"],"prefix":"10.1007","author":[{"given":"Dimitris E.","family":"Simos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kristoffer","family":"Kleine","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Laleh Shikh Gholamhossein","family":"Ghandehari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bernhard","family":"Garn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Lei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,10,4]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Argyros, G., Stais, I., Kiayias, A., Keromytis, A.G.: Back in black: towards formal, black box analysis of sanitizers and filters. In: Proceedings of the 37th IEEE Symposium on Security and Privacy (2016)","DOI":"10.1109\/SP.2016.14"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Bozic, J., Garn, B., Kapsalis, I., Simos, D., Winkler, S., Wotawa, F.: Attack pattern-based combinatorial testing with constraints for web security testing. In: Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015, pp. 207\u2013212 (2015)","DOI":"10.1109\/QRS.2015.38"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Bozic, J., Garn, B., Simos, D.E., Wotawa, F.: Evaluation of the IPO-family algorithms for test case generation in web security testing. In: 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), pp. 1\u201310 (2015)","DOI":"10.1109\/ICSTW.2015.7107436"},{"key":"5_CR4","unstructured":"Brcic, M., Kalpic, D.: Combinatorial testing in software projects. In: Proceedings of the 35th International Convention, MIPRO, 2012 , pp. 1508\u20131513 (2012)"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Duchene, F., Groz, R., Rawat, S., Richier, J.L.: XSS vulnerability detection using model inference assisted evolutionary fuzzing. In: Proceedings of the 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation, ICST 2012, pp. 815\u2013817. IEEE Computer Society, Washington (2012)","DOI":"10.1109\/ICST.2012.181"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Duchene, F., Rawat, S., Richier, J.L., Groz, R.: KameleonFuzz: evolutionary fuzzing for black-box XSS detection. In: CODASPY. ACM (2014)","DOI":"10.1145\/2557547.2557550"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Garn, B., Kapsalis, I., Simos, D., Winkler, S.: On the applicability of combinatorial testing to web application security testing: a case study. In: Proceedings of the 2014 Workshop on Joining AcadeMiA and Industry Contributions to Test Automation and Model-Based Testing, pp. 16\u201321. ACM (2014)","DOI":"10.1145\/2631890.2631894"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Ghandehari, L.S., Lei, Y., Kung, D., Kacker, R., Kuhn, R.: Fault localization based on failure-inducing combinations. In: 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 168\u2013177. IEEE (2013)","DOI":"10.1109\/ISSRE.2013.6698916"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Ghandehari, L.S.G., Lei, Y., Xie, T., Kuhn, R., Kacker, R.: Identifying failure-inducing combinations in a combinatorial test set. In: 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation (ICST), pp. 370\u2013379. IEEE (2012)","DOI":"10.1109\/ICST.2012.117"},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Grindal, M., Offutt, J.: Input parameter modeling for combination strategies. In: Proceedings of the 25th Conference on IASTED International Multi-Conference: Software Engineering SE 2007, pp. 255\u2013260. ACTA Press, Anaheim (2007)","DOI":"10.1109\/ASWEC.2007.27"},{"issue":"4","key":"5_CR11","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/MC.2015.114","volume":"48","author":"JD Hagar","year":"2015","unstructured":"Hagar, J.D., Wissink, T.L., Kuhn, D., Kacker, R.N.: Introducing combinatorial testing in a large organization. Computer 48(4), 64\u201372 (2015)","journal-title":"Computer"},{"key":"5_CR12","doi-asserted-by":"publisher","first-page":"170","DOI":"10.1016\/j.infsof.2014.07.010","volume":"58","author":"I Hydara","year":"2015","unstructured":"Hydara, I., Sultan, A.B.M., Zulzalil, H., Admodisastro, N.: Current state of research on cross-site scripting (XSS) a systematic literature review. Inf. Softw. Technol. 58, 170\u2013186 (2015)","journal-title":"Inf. Softw. Technol."},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Kuhn, D.R., Okun, V.: Pseudo-exhaustive testing for software. In: 30th Annual IEEE\/NASA Software Engineering Workshop, SEW 2006, pp. 153\u2013158. IEEE (2006)","DOI":"10.1109\/SEW.2006.26"},{"key":"5_CR14","unstructured":"Kuhn, D., Kacker, R., Lei, Y.: Introduction to Combinatorial Testing. Chapman & Hall\/CRC Innovations in Software Engineering and Software Development Series. Taylor & Francis (2013)"},{"key":"5_CR15","unstructured":"van der Loo, F.: Comparison of penetration testing tools for web applications. Master\u2019s thesis, University of Radboud, Netherlands (2011)"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Mohammadi, M., Chu, B., Lipford, H.R., Murphy-Hill, E.: Automatic web security unit testing: XSS vulnerability detection. In: Proceedings of the 11th International Workshop on Automation of Software Test, AST 2016, pp. 78\u201384. ACM, New York (2016)","DOI":"10.1145\/2896921.2896929"},{"issue":"2","key":"5_CR17","doi-asserted-by":"publisher","first-page":"11: 1","DOI":"10.1145\/1883612.1883618","volume":"43","author":"C Nie","year":"2011","unstructured":"Nie, C., Leung, H.: A survey of combinatorial testing. ACM Comput. Surv. 43(2), 11: 1\u201311: 29 (2011)","journal-title":"ACM Comput. Surv."},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1088","DOI":"10.1007\/11428862_179","volume-title":"Computational Science \u2013 ICCS 2005","author":"L Shi","year":"2005","unstructured":"Shi, L., Nie, C., Xu, B.: A software debugging method based on pairwise testing. In: Sunderam, V.S., Albada, G.D., Sloot, P.M.A., Dongarra, J. (eds.) ICCS 2005. LNCS, vol. 3516, pp. 1088\u20131091. Springer, Heidelberg (2005). doi: 10.1007\/11428862_179"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Sudhodanan, A., Armando, A., Carbone, R., Compagna, L.: Attack patterns for black-box security testing of multi-party web applications. In: Proceedings of the Network and Distributed system Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23286"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Tripp, O., Weisman, O., Guy, L.: Finding your way in the testing jungle: a learning approach to web security testing. In: Proceedings of the 2013 International Symposium on Software Testing and Analysis, ISSTA 2013, pp. 347\u2013357. ACM, New York (2013)","DOI":"10.1145\/2483760.2483776"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Wang, Z., Xu, B., Chen, L., Xu, L.: Adaptive interaction fault location based on combinatorial testing. In: 2010 10th International Conference on Quality Software (QSIC), pp. 495\u2013502. IEEE (2010)","DOI":"10.1109\/QSIC.2010.36"},{"key":"5_CR22","unstructured":"Williams, J., Wichers, D.: OWASP Top 10 2013 (2013). https:\/\/www.owasp.org\/index.php\/Top_10_2013"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Yu, L., Lei, Y., Kacker, R., Kuhn, D.: Acts: a combinatorial test generation tool. In: 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST), pp. 370\u2013375 (2013)","DOI":"10.1109\/ICST.2013.52"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Zhang, J.: Characterizing failure-causing parameter interactions by adaptive testing. In: Proceedings of the 2011 International Symposium on Software Testing and Analysis, pp. 331\u2013341. ACM (2011)","DOI":"10.1145\/2001420.2001460"}],"container-title":["Lecture Notes in Computer Science","Testing Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-47443-4_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,10]],"date-time":"2025-06-10T22:28:39Z","timestamp":1749594519000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-47443-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319474427","9783319474434"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-47443-4_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"4 October 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICTSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Testing Software and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 October 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 October 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pts2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}