{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:47:42Z","timestamp":1760586462582},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540874027"},{"type":"electronic","value":"9783540874034"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_11","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T07:42:05Z","timestamp":1221637325000},"page":"191-210","source":"Crossref","is-referenced-by-count":31,"title":["Leveraging User Interactions for In-Depth Testing of Web Applications"],"prefix":"10.1007","author":[{"given":"Sean","family":"McAllister","sequence":"first","affiliation":[]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"Acunetix. Acunetix Web Vulnerability Scanner (2008), http:\/\/www.acunetix.com\/"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., Cova, M., Felmetsger, V., Jovanov, N., Kirda, E., Kruegel, C., Vigna, G.: Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. In: IEEE Security and Privacy Symposium (2008)","DOI":"10.1109\/SP.2008.22"},{"key":"11_CR3","unstructured":"Beizer, B.: Software System Testing and Quality Assurance. Van Nostrand Reinhold (1984)"},{"key":"11_CR4","unstructured":"Beizer, B.: Software Testing Techniques. Van Nostrand Reinhold (1990)"},{"key":"11_CR5","unstructured":"Spider, B.: Web Application Security (2008), http:\/\/portswigger.net\/spider\/"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Cadar, C., Ganesh, V., Pawlowski, P., Dill, D., Engler, D.: EXE: Automatically Generating Inputs of Death. In: ACM Conference on Computer and Communication Security (2006)","DOI":"10.1145\/1180405.1180445"},{"key":"11_CR7","unstructured":"Hannson, D.: Ruby on Rails (2008), http:\/\/www.rubyonrails.org\/"},{"key":"11_CR8","unstructured":"Django. The Web Framework for Professionals with Deadlines (2008), http:\/\/www.djangoproject.com\/"},{"key":"11_CR9","unstructured":"Basic Django Blog Application, http:\/\/code.google.com\/p\/django-basic-blog\/"},{"key":"11_CR10","unstructured":"Endler, D.: The Evolution of Cross Site Scripting Attacks. Technical report, iDEFENSE Labs (2002)"},{"key":"11_CR11","volume-title":"Fundamentals of Software Engineering","author":"C. Ghezzi","year":"1994","unstructured":"Ghezzi, C., Jazayeri, M., Mandrioli, D.: Fundamentals of Software Engineering. Prentice-Hall International, Englewood Cliffs (1994)"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Godefroid, P., Klarlund, N., Sen, K.: DART. In: Programming Language Design and Implementation (PLDI) (2005)","DOI":"10.1145\/1065010.1065036"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Huang, Y., Huang, S., Lin, T.: Web Application Security Assessment by Fault Injection and Behavior Monitoring. In: 12th World Wide Web Conference (2003)","DOI":"10.1145\/775152.775174"},{"key":"11_CR14","unstructured":"Insecure.org. NMap Network Scanner (2008), http:\/\/www.insecure.org\/nmap\/"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In: IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.29"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: SecuBat: A Web Vulnerability Scanner. In: World Wide Web Conference (2006)","DOI":"10.1145\/1135777.1135817"},{"key":"11_CR17","unstructured":"Mitre. Common Vulnerabilities and Exposures, http:\/\/cve.mitre.org\/"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"11_CR19","unstructured":"Nikto. Web Server Scanner (2008), http:\/\/www.cirt.net\/code\/nikto.shtml"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Offutt, J., Abdurazik, A.: Generating Tests from UML Specifications. In: Second International Conference on the Unified Modeling Language (1999)","DOI":"10.1007\/3-540-46852-8_30"},{"key":"11_CR21","series-title":"Lecture Notes in Computer Science","first-page":"383","volume-title":"UML 2000 - The Unified Modeling Language. Advancing the Standard","author":"J. Offutt","year":"2000","unstructured":"Offutt, J., Abdurazik, A.: Using UML Collaboration Diagrams for Static Checking and Test Generation. In: Evans, A., Kent, S., Selic, B. (eds.) UML 2000. LNCS, vol.\u00a01939, pp. 383\u2013395. Springer, Heidelberg (2000)"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Offutt, J., Liu, S., Abdurazik, A., Ammann, P.: Generating Test Data from State-based Specifications. In: Journal of Software Testing, Verification and Reliability (2003)","DOI":"10.1002\/stvr.264"},{"key":"11_CR23","unstructured":"Poulton, R.: Django Forum Component, http:\/\/code.google.com\/p\/django-forum\/"},{"key":"11_CR24","unstructured":"Satchmo, http:\/\/www.satchmoproject.com\/"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Scott, D., Sharp, R.: Abstracting Application-level Web Security. In: 11th World Wide Web Conference (2002)","DOI":"10.1145\/511446.511498"},{"key":"11_CR26","unstructured":"WhiteHat Security. Web Application Security 101 (2005), http:\/\/www.whitehatsec.com\/articles\/webappsec101.pdf"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Su, Z., Wassermann, G.: The Essence of Command Injection Attacks in Web Applications. In: Symposium on Principles of Programming Languages (2006)","DOI":"10.1145\/1111037.1111070"},{"key":"11_CR28","unstructured":"Sun. Java Servlets (2008), http:\/\/java.sun.com\/products\/servlet\/"},{"key":"11_CR29","unstructured":"Tenable Network Security. Nessus Open Source Vulnerability Scanner Project (2008), http:\/\/www.nessus.org\/"},{"key":"11_CR30","unstructured":"Twill. Twill: A Simple Scripting Language for Web Browsing (2008), http:\/\/twill.idyll.org\/"},{"key":"11_CR31","unstructured":"Web Application Attack and Audit Framework, http:\/\/w3af.sourceforge.net\/"},{"key":"11_CR32","unstructured":"Xie, Y., Aiken, A.: Static Detection of Security Vulnerabilities in Scripting Languages. In: 15th USENIX Security Symposium (2006)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T21:37:25Z","timestamp":1606167445000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}