{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:50:17Z","timestamp":1760586617779},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642294198"},{"type":"electronic","value":"9783642294204"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-29420-4_12","type":"book-chapter","created":{"date-parts":[[2012,6,25]],"date-time":"2012-06-25T13:12:33Z","timestamp":1340629953000},"page":"182-197","source":"Crossref","is-referenced-by-count":10,"title":["Type-Based Enforcement of Secure Programming Guidelines \u2014 Code Injection Prevention at SAP"],"prefix":"10.1007","author":[{"given":"Robert","family":"Grabowski","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Hofmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Keqin","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"12_CR1","unstructured":"Open Web Application Security Project: The OWASP Application Security Verification Standard Project, \n                  \n                    http:\/\/www.owasp.org\/index.php\/ASVS"},{"key":"12_CR2","unstructured":"Wiegenstein, A.: A short story about Cross Site Scripting SAP Blog, \n                  \n                    http:\/\/www.sdn.sap.com\/irj\/scn\/weblogs?blog=\/pub\/wlg\/2422"},{"key":"12_CR3","unstructured":"Hildenbrand, P.: Guard your web applications against XSS attacks: Output encoding functionality from SAP. SAP Insider\u00a08(2) (2007)"},{"key":"12_CR4","unstructured":"Open Web Application Security Project: The OWASP ten most critical web application security risks, \n                  \n                    http:\/\/owasptop10.googlecode.com\/"},{"key":"12_CR5","first-page":"258","volume-title":"2006 IEEE Symp. on Security and Privacy (SP 2006)","author":"N. Jovanovic","year":"2006","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In: 2006 IEEE Symp. on Security and Privacy (SP 2006), pp. 258\u2013263. IEEE Computer Society, Washington, DC, USA (2006)"},{"key":"12_CR6","unstructured":"Wikipedia: Cross-site scripting (2011), \n                  \n                    http:\/\/en.wikipedia.org\/w\/index.php?title=Cross-site_scripting&oldid=417581017\n                  \n                  \n                 (online accessed March 14, 2011)"},{"key":"12_CR7","first-page":"372","volume-title":"33rd Symposium on Principles of Programming Languages (POPL 2006)","author":"Z. Su","year":"2006","unstructured":"Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. In: 33rd Symposium on Principles of Programming Languages (POPL 2006), Charleston, SC, pp. 372\u2013382. ACM Press, New York (2006)"},{"issue":"1","key":"12_CR8","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1016\/j.entcs.2005.02.033","volume":"141","author":"P. Cr\u00e9gut","year":"2005","unstructured":"Cr\u00e9gut, P., Alvarado, C.: Improving the Security of Downloadable Java Applications With Static Analysis. Electr. Notes Theor. Comp. Sci.\u00a0141(1), 129\u2013144 (2005)","journal-title":"Electr. Notes Theor. Comp. Sci."},{"key":"12_CR9","volume-title":"Conf. on Prog. Lang. Design and Implementation (PLDI 2007)","author":"G. Wassermann","year":"2007","unstructured":"Wassermann, G., Su, Z.: Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In: Conf. on Prog. Lang. Design and Implementation (PLDI 2007), San Diego, CA. ACM Press, New York (2007)"},{"key":"12_CR10","first-page":"18","volume-title":"14th USENIX Security Symposium (SSYM 2005)","author":"V.B. Livshits","year":"2005","unstructured":"Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in Java applications with static analysis. In: 14th USENIX Security Symposium (SSYM 2005), p. 18. USENIX Association, Berkeley (2005)"},{"key":"12_CR11","unstructured":"Pierce, B.C.: Types and Programming Languages. MIT Press (2002)"},{"key":"12_CR12","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-03811-6","volume-title":"Principles of Program Analysis","author":"F. Nielson","year":"1999","unstructured":"Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)"},{"key":"12_CR13","unstructured":"SAP AG: SAP NetWeaver 7.0 Knowledge Center, \n                  \n                    http:\/\/help.sap.com\/content\/documentation\/netweaver\/"},{"key":"12_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1007\/11693024_3","volume-title":"Programming Languages and Systems","author":"M.O. Hofmann","year":"2006","unstructured":"Hofmann, M.O., Jost, S.: Type-Based Amortised Heap-Space Analysis. In: Sestoft, P. (ed.) ESOP 2006. LNCS, vol.\u00a03924, pp. 22\u201337. Springer, Heidelberg (2006)"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Igarashi, A., Pierce, B., Wadler, P.: Featherweight Java: A minimal core calculus for Java and GJ. In: 1999 Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 1999). ACM (1999)","DOI":"10.1145\/320384.320395"},{"key":"12_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-642-17511-4_6","volume-title":"Logic for Programming, Artificial Intelligence, and Reasoning","author":"L. Beringer","year":"2010","unstructured":"Beringer, L., Grabowski, R., Hofmann, M.: Verifying Pointer and String Analyses with Region Type Systems. In: Clarke, E.M., Voronkov, A. (eds.) LPAR-16 2010. LNCS, vol.\u00a06355, pp. 82\u2013102. Springer, Heidelberg (2010)"},{"key":"12_CR17","unstructured":"Shivers, O.: Control-Flow Analysis of Higher-Order Languages, or Taming Lambda. PhD thesis. Carnegie Mellon University, Pittsburgh, PA, USA (1991)"},{"key":"12_CR18","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1145\/178243.178264","volume-title":"Conf. on Programming language design and implementation (PLDI 1994)","author":"M. Emami","year":"1994","unstructured":"Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: Conf. on Programming language design and implementation (PLDI 1994), pp. 242\u2013256. ACM, New York (1994)"},{"issue":"6","key":"12_CR19","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1145\/996893.996859","volume":"39","author":"J. Whaley","year":"2004","unstructured":"Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. SIGPLAN Not.\u00a039(6), 131\u2013144 (2004)","journal-title":"SIGPLAN Not."},{"key":"12_CR20","unstructured":"Grabowski, R.: Type-Based Java String Analysis (2011), \n                  \n                    http:\/\/jsa.tcs.ifi.lmu.de\/"},{"key":"12_CR21","unstructured":"Tse, S., Zdancewic, S.: Fjavac: a functional Java compile (2006), \n                  \n                    http:\/\/www.cis.upenn.edu\/~stevez\/stse-work\/javac\/index.html"},{"key":"12_CR22","first-page":"335","volume":"9","author":"F. Nielson","year":"2002","unstructured":"Nielson, F., Nielson, H.R., Seidl, H.: A succinct solver for alfp. Nordic J. of Computing\u00a09, 335\u2013372 (2002)","journal-title":"Nordic J. of Computing"},{"key":"12_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-642-23822-2_9","volume-title":"Computer Security \u2013 ESORICS 2011","author":"J. Weinberger","year":"2011","unstructured":"Weinberger, J., Saxena, P., Akhawe, D., Finifter, M., Shin, R., Song, D.: A Systematic Analysis of XSS Sanitization in Web Application Frameworks. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol.\u00a06879, pp. 150\u2013171. Springer, Heidelberg (2011)"},{"key":"12_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-44898-5_1","volume-title":"Static Analysis","author":"A.S. Christensen","year":"2003","unstructured":"Christensen, A.S., M\u00f8ller, A., Schwartzbach, M.I.: Precise Analysis of String Expressions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol.\u00a02694, pp. 1\u201318. Springer, Heidelberg (2003)"},{"key":"12_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/978-3-642-17164-2_10","volume-title":"Programming Languages and Systems","author":"A. Annamaa","year":"2010","unstructured":"Annamaa, A., Breslav, A., Kabanov, J., Vene, V.: An Interactive Tool for Analyzing Embedded SQL Queries. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol.\u00a06461, pp. 131\u2013138. Springer, Heidelberg (2010)"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Tabuchi, N., Sumii, E., Yonezawa, A.: Regular expression types for strings in a text processing language. Electr. Notes Theor. Comput. Sci.\u00a075 (2002)","DOI":"10.1016\/S1571-0661(04)80781-3"},{"key":"12_CR27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1552309.1552313","volume":"31","author":"M. Bartoletti","year":"2009","unstructured":"Bartoletti, M., Degano, P., Ferrari, G.L., Zunino, R.: Local policies for resource usage analysis. ACM Trans. Program. Lang. Syst.\u00a031, 23:1\u201323:43 (2009)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Skalka, C., Smith, S.: History effects and verification. In: Asian Programming Languages Symposium (November 2004)","DOI":"10.1007\/978-3-540-30477-7_8"}],"container-title":["Lecture Notes in Computer Science","Formal Aspects of Security and Trust"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-29420-4_12.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T11:00:54Z","timestamp":1620126054000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-29420-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642294198","9783642294204"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-29420-4_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}