{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:48:10Z","timestamp":1760586490679,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":24,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642011863"},{"type":"electronic","value":"9783642011870"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-01187-0_12","type":"book-chapter","created":{"date-parts":[[2009,5,4]],"date-time":"2009-05-04T12:53:15Z","timestamp":1241441595000},"page":"141-154","source":"Crossref","is-referenced-by-count":4,"title":["Model-Based Penetration Test Framework for Web Applications Using TTCN-3"],"prefix":"10.1007","author":[{"given":"Pulei","family":"Xiong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bernard","family":"Stepien","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liam","family":"Peyton","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Manzuik, S., Gold, A., Gatford, C.: Network Security Assessment: From Vulnerability to Patch. Syngress Publishing (2007)","DOI":"10.1016\/B978-159749101-3\/50005-7"},{"key":"12_CR2","volume-title":"Testing Web Security: Assessing the Security of Web Sites and Applications","author":"S. Splaine","year":"2002","unstructured":"Splaine, S.: Testing Web Security: Assessing the Security of Web Sites and Applications. John Wiley & Sons, Chichester (2002)"},{"key":"12_CR3","unstructured":"Open Source Vulnerability Database (OSVDB), \n                    \n                      http:\/\/osvdb.org\/"},{"key":"12_CR4","unstructured":"CERT Vulnerability Notes Database, \n                    \n                      http:\/\/www.kb.cert.org\/vuls\/"},{"key":"12_CR5","unstructured":"Bugtraq mailing list, \n                    \n                      http:\/\/www.securityfocus.com\/archive\/1"},{"key":"12_CR6","unstructured":"Nessus vulnerability scanner, \n                    \n                      http:\/\/www.nessus.org\/nessus\/"},{"issue":"5","key":"12_CR7","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/MSP.2004.84","volume":"2","author":"B. Potter","year":"2004","unstructured":"Potter, B., McGraw, G.: Software Security Testing. IEEE Security & Privacy\u00a02(5), 81\u201385 (2004)","journal-title":"IEEE Security & Privacy"},{"issue":"1","key":"12_CR8","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MSP.2005.23","volume":"3","author":"B. Arkin","year":"2005","unstructured":"Arkin, B., Stender, S., McGraw, G.: Software Penetration Testing. IEEE Security & Privacy\u00a03(1), 84\u201387 (2005)","journal-title":"IEEE Security & Privacy"},{"issue":"1","key":"12_CR9","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1109\/MSP.2005.3","volume":"3","author":"H. Thompson","year":"2005","unstructured":"Thompson, H.: Application Penetration Testing. IEEE Security & Privacy\u00a03(1), 66\u201369 (2005)","journal-title":"IEEE Security & Privacy"},{"issue":"6","key":"12_CR10","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MSP.2007.159","volume":"5","author":"M. Bishop","year":"2007","unstructured":"Bishop, M.: About Penetration Testing. IEEE Security & Privacy\u00a05(6), 84\u201387 (2007)","journal-title":"IEEE Security & Privacy"},{"key":"12_CR11","unstructured":"OWASP TESTING GUIDE Version 3.0, OWASP Foundation (2008)"},{"key":"12_CR12","unstructured":"Andreu, A.: Professional Pen Testing for Web Applications. Wrox Press (2006)"},{"key":"12_CR13","unstructured":"Palmer, S.: Web Application Vulnerabilities: Detect, Exploit, Prevent. Syngress Publishing (2007)"},{"key":"12_CR14","unstructured":"Common Vulnerabilities and Exposures (CVE), \n                    \n                      http:\/\/cve.mitre.org"},{"key":"12_CR15","unstructured":"Common Attack Pattern Enumeration and Classification (CAPEC), \n                    \n                      http:\/\/capec.mitre.org"},{"key":"12_CR16","unstructured":"Common Weakness Enumeration (CWE), \n                    \n                      http:\/\/cwe.mitre.org"},{"key":"12_CR17","unstructured":"SANS Top-20, Security Risks (2007), \n                    \n                      http:\/\/www.sans.org\/top20\/"},{"key":"12_CR18","unstructured":"OWASP TOP Ten (2007), \n                    \n                      http:\/\/www.owasp.org\/index.php\/Top_10_2007"},{"key":"12_CR19","unstructured":"ETSI ES 201 873-1, The Testing and Test Control Notation version 3, Part1: TTCN-3 Core notation, V3.4.1 (September 2008)"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Probert, R.L., Xiong, P., Stepien, B.: Life-cycle E-Commerce Testing with OO-TTCN-3. In: FORTE 2004 Workshops proceedings (September 2004)","DOI":"10.1007\/978-3-540-30233-9_2"},{"issue":"4","key":"12_CR21","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/s10009-008-0082-1","volume":"10","author":"B. Stepien","year":"2008","unstructured":"Stepien, B., Peyton, L., Xiong, P.: Framework Testing of Web Applications using TTCN-3. International Journal on Software Tools for Technology Transfer\u00a010(4), 371\u2013381 (2008)","journal-title":"International Journal on Software Tools for Technology Transfer"},{"key":"12_CR22","unstructured":"Xiong, P., Probert, R.L., Stepien, B.: An Efficient Formal Testing Approach for Web Service with TTCN-3. In: Proc. of the 13th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2005) (September 2005)"},{"key":"12_CR23","unstructured":"OWASP WebGoat Project, \n                    \n                      http:\/\/www.owasp.org\/index.php\/Category:OWASP_WebGoat_Project"},{"key":"12_CR24","unstructured":"OWASP WebScarab Project, \n                    \n                      http:\/\/www.owasp.org\/index.php\/Category:OWASP_WebScarab_Project"}],"container-title":["Lecture Notes in Business Information Processing","E-Technologies: Innovation in an Open World"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-01187-0_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T18:35:06Z","timestamp":1558377306000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-01187-0_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642011863","9783642011870"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-01187-0_12","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2009]]}}}