{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T18:59:23Z","timestamp":1725562763742},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642137389"},{"type":"electronic","value":"9783642137396"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-13739-6_15","type":"book-chapter","created":{"date-parts":[[2010,8,24]],"date-time":"2010-08-24T11:23:50Z","timestamp":1282649030000},"page":"225-240","source":"Crossref","is-referenced-by-count":7,"title":["Enforcing Request Integrity in Web Applications"],"prefix":"10.1007","author":[{"given":"Karthick","family":"Jayaraman","sequence":"first","affiliation":[]},{"given":"Grzegorz","family":"Lewandowski","sequence":"additional","affiliation":[]},{"given":"Paul G.","family":"Talaga","sequence":"additional","affiliation":[]},{"given":"Steve J.","family":"Chapin","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","unstructured":"Williams, J., Wichers, D.: OWASP Top 10 2010 rc1, http:\/\/www.owasp.org\/images\/0\/0f\/OWASP_T10_-_2010_rc1.pdf"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Halfond, W.G., Anand, S., Orso, A.: Precise interface identification to improve testing and analysis of web applications. In: ISSTA (2009)","DOI":"10.1145\/1572272.1572305"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Wang, W., Lei, Y., Sampath, S., Kacker, R., Kuhn, R., Lawrence, J.: A combinatorial approach to building navigation graphs for dynamic web applications. 
In: ICSM (2009)","DOI":"10.1109\/ICSM.2009.5306321"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext Transfer Protocol \u2013 HTTP\/1.1. RFC 2616, Draft Standard (1999)","DOI":"10.17487\/rfc2616"},{"key":"15_CR5","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kirda, E., Kruegel, C.: Preventing Cross Site Request Forgery Attacks. In: IEEE Secure Comm. (2006)","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust Defenses for Cross-Site Request Forgery. In: ACM CCS (2008)","DOI":"10.1145\/1455770.1455782"},{"key":"15_CR7","unstructured":"Ruderman, J.: The Same origin policy, https:\/\/developer.mozilla.org\/En\/Same_origin_policy_for_JavaScript"},{"key":"15_CR8","unstructured":"phpBB Group: phpbb, http:\/\/www.phpbb.com\/"},{"key":"15_CR9","unstructured":"PunBB: Punbb, http:\/\/punbb.informer.com\/"},{"key":"15_CR10","unstructured":"SCARF, http:\/\/scarf.sourceforge.net\/"},{"key":"15_CR11","unstructured":"osCommerce, http:\/\/www.oscommerce.com\/"},{"key":"15_CR12","unstructured":"WebCalendar, http:\/\/sourceforge.net\/projects\/webcalendar\/"},{"key":"15_CR13","unstructured":"Bookstore, http:\/\/www.gotocode.com\/apps.asp?app_id=3&\/"},{"key":"15_CR14","unstructured":"Classifieds, http:\/\/www.gotocode.com\/apps.asp?app_id=5&\/"},{"key":"15_CR15","unstructured":"Employee, http:\/\/www.gotocode.com\/apps.asp?app_id=6&\/"},{"key":"15_CR16","unstructured":"Events, http:\/\/www.gotocode.com\/apps.asp?app_id=7&\/"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. 
In: IEEE SP (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Xu, H., Du, W., Chapin, S.J.: Context Sensitive Anomaly Monitoring of Process Control Flow To Detect Mimicry Attacks and Impossible Paths. In: RAID (2004)","DOI":"10.1007\/978-3-540-30143-1_2"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Guha, A., Krishnamurthi, S., Jim, T.: Using Static Analysis for Ajax Intrusion Detection. In: WWW (2009)","DOI":"10.1145\/1526709.1526785"},{"key":"15_CR20","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: ACM CCS (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"15_CR21","unstructured":"Cova, M., Balzarotti, D., Felmetsger, V., Vigna, G.: Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications. In: RAID (2007)"},{"key":"15_CR22","doi-asserted-by":"crossref","unstructured":"Ingham, K.L., Somayaji, A., Burge, J., Forrest, S.: Learning DFA representations of HTTP for protecting web applications. Computer Networks\u00a051(5) (2007)","DOI":"10.1016\/j.comnet.2006.09.016"},{"key":"15_CR23","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: ACM CCS (2003)","DOI":"10.1145\/948109.948144"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kirda, E.: An anomaly-driven reverse proxy for web applications. In: ACM SAC (2006)","DOI":"10.1145\/1141277.1141361"},{"key":"15_CR25","unstructured":"Johns, M., Winter, J.: RequestRodeo: Client-side Protection Against Session Riding. In: OWASP Europe (2006)"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Mao, Z., Li, N., Molloy, I.: Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection. 
In: Financial Cryptography and Data Security (2009)","DOI":"10.1007\/978-3-642-03549-4_15"},{"key":"15_CR27","doi-asserted-by":"crossref","unstructured":"Kerschbaum, F.: Simple cross-site attack prevention. In: Secure Comm. (2007)","DOI":"10.1109\/SECCOM.2007.4550368"},{"key":"15_CR28","doi-asserted-by":"crossref","unstructured":"Vikram, K., Prateek, A., Livshits, B.: Ripley: Automatically securing web 2.0 applications through replicated execution. In: ACM CCS (2009)","DOI":"10.1145\/1653662.1653685"},{"key":"15_CR29","unstructured":"Chong, S., Vikram, K., Myers, A.C.: SIF: Enforcing confidentiality and integrity in web applications. In: USENIX-SS (2007)"},{"key":"15_CR30","unstructured":"Robertson, W., Vigna, G.: Static Enforcement of Web Application Integrity Through Strong Typing. In: USENIX-SS (2009)"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXIV"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-13739-6_15.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:42:30Z","timestamp":1606185750000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-13739-6_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642137389","9783642137396"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-13739-6_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}