{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T02:13:21Z","timestamp":1743128001279,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642333378"},{"type":"electronic","value":"9783642333385"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33338-5_13","type":"book-chapter","created":{"date-parts":[[2012,9,26]],"date-time":"2012-09-26T01:17:07Z","timestamp":1348622227000},"page":"254-273","source":"Crossref","is-referenced-by-count":4,"title":["DEMACRO: Defense against Malicious Cross-Domain Requests"],"prefix":"10.1007","author":[{"given":"Sebastian","family":"Lekies","sequence":"first","affiliation":[]},{"given":"Nick","family":"Nikiforakis","sequence":"additional","affiliation":[]},{"given":"Walter","family":"Tighzert","sequence":"additional","affiliation":[]},{"given":"Frank","family":"Piessens","sequence":"additional","affiliation":[]},{"given":"Martin","family":"Johns","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"Adobe. Adobe - security bulletins and advisories"},{"key":"13_CR2","unstructured":"Adobe Systems Inc. Cross-domain policy file specification (January 2010), \n                      http:\/\/www.adobe.com\/devnet\/articles\/crossdomain_policy_file_spec.html"},{"key":"13_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-3-642-22263-4_12","volume-title":"Privacy Enhancing Technologies","author":"F. Beato","year":"2011","unstructured":"Beato, F., Kohlweiss, M., Wouters, K.: Scramble! Your Social Network Data. In: Fischer-H\u00fcbner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol.\u00a06794, pp. 211\u2013225. Springer, Heidelberg (2011)"},{"key":"13_CR4","unstructured":"Burns, J.: Cross Site Request Forgery - An introduction to a common web application weakness. Whitepaper (2005), \n                      https:\/\/www.isecpartners.com\/documents\/XSRF_Paper.pdf"},{"key":"13_CR5","unstructured":"Water and Stone: Open Source CMS Market Share Report (2010)"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Egele, M., Moser, A., Kruegel, C., Kirda, E.: Pox: Protecting users from malicious facebook applications. In: Proceedings of the 3rd IEEE International Workshop on Security in Social Networks (SESOC), pp. 288\u2013294 (2011)","DOI":"10.1109\/PERCOMW.2011.5766885"},{"key":"13_CR7","unstructured":"Grossman, J.: crossdomain.xml statistics, \n                      http:\/\/jeremiahgrossman.blogspot.com\/2006\/10\/crossdomainxml-statistics.html"},{"key":"13_CR8","unstructured":"Grossman, J.: I used to know what you watched, on YouTube (September 2008), \n                      http:\/\/jeremiahgrossman.blogspot.com\/2008\/09\/i-used-to-know-what-you-watched-on.html\n                     (accessed in January 2011)"},{"key":"13_CR9","unstructured":"Jang, D., Venkataraman, A., Swaka, G.M., Shacham, H.: Analyzing the Cross-domain Policies of Flash Applications. In: Proceedings of the 5th Workshop on Web 2.0 Security and Privacy, W2SP (2011)"},{"key":"13_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-3-642-22424-9_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M. Johns","year":"2011","unstructured":"Johns, M., Lekies, S.: Biting the Hand That Serves You: A Closer Look at Client-Side Flash Proxies for Cross-Domain Requests. In: Holz, T., Bos, H. (eds.) DIMVA 2011. LNCS, vol.\u00a06739, pp. 85\u2013103. Springer, Heidelberg (2011)"},{"key":"13_CR11","unstructured":"Johns, M., Winter, J.: RequestRodeo: Client Side Protection against Session Riding. In: Proceedings of the OWASP Europe 2006 Conference (2006)"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Kirda, E., Kruegel, C., Vigna, G., Jovanovic, N.: Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks. In: Security Track of the 21st ACM Symposium on Applied Computing (SAC) (April 2006)","DOI":"10.1145\/1141277.1141357"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Kontaxis, G., Antoniades, D., Polakis, I., Markatos, E.P.: An empirical study on the security of cross-domain policies in rich internet applications. In: Proceedings of the 4th European Workshop on Systems Security, EUROSEC (2011)","DOI":"10.1145\/1972551.1972558"},{"key":"13_CR14","unstructured":"Lekies, S., Johns, M., Tighzert, W.: The state of the cross-domain nation. In: Proceedings of the 5th Workshop on Web 2.0 Security and Privacy, W2SP (2011)"},{"key":"13_CR15","unstructured":"Malaria - i\u2019m in your browser, surfin your webs (2010), \n                      http:\/\/erlend.oftedal.no\/blog\/?blogid=107"},{"key":"13_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-642-19125-1_7","volume-title":"Engineering Secure Software and Systems","author":"N. Nikiforakis","year":"2011","unstructured":"Nikiforakis, N., Meert, W., Younan, Y., Johns, M., Joosen, W.: SessionShield: Lightweight Protection against Session Hijacking. In: Erlingsson, \u00da., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol.\u00a06542, pp. 87\u2013100. Springer, Heidelberg (2011)"},{"key":"13_CR17","unstructured":"Rich internet application (ria) market share, \n                      http:\/\/www.statowl.com\/custom_ria_market_penetration.php"},{"key":"13_CR18","unstructured":"Rios, B.B.: Cross domain hole caused by google docs, \n                      http:\/\/xs-sniper.com\/blog\/Google-Docs-Cross-Domain-Hole\/"},{"key":"13_CR19","unstructured":"Ruderman, J.: The Same Origin Policy (August 2001), \n                      http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html\n                     (October 01, 2006)"},{"key":"13_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-642-04444-1_6","volume-title":"Computer Security \u2013 ESORICS 2009","author":"A. Russo","year":"2009","unstructured":"Russo, A., Sabelfeld, A., Chudnov, A.: Tracking Information Flow in Dynamic Tree Structures. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.\u00a05789, pp. 86\u2013103. Springer, Heidelberg (2009)"},{"key":"13_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/978-3-642-11747-3_2","volume-title":"Engineering Secure Software and Systems","author":"P. De Ryck","year":"2010","unstructured":"De Ryck, P., Desmet, L., Heyman, T., Piessens, F., Joosen, W.: CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol.\u00a05965, pp. 18\u201334. Springer, Heidelberg (2010)"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Shahriar, H., Zulkernine, M.: Client-side detection of cross-site request forgery attacks. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering (ISSRE), pp. 358\u2013367 (2010)","DOI":"10.1109\/ISSRE.2010.12"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Tang, S., Dautenhahn, N., King, S.T.: Fortifying web-based applications automatically. In: Proceedings of the 8th ACM Conference on Computer and Communications Security (2011)","DOI":"10.1145\/2046707.2046777"},{"key":"13_CR24","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kruegel, C., Kirda, E., Vigna, G.: Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium, NDSS 2007 (2007)"},{"key":"13_CR25","unstructured":"W3C. Cross-Origin Resource Sharing, \n                      http:\/\/www.w3.org\/TR\/cors\/"},{"key":"13_CR26","unstructured":"The Cross-site Scripting FAQ, \n                      http:\/\/www.cgisecurity.com\/xss-faq.html"},{"key":"13_CR27","unstructured":"Zhou, Y., Evans, D.: Why Aren\u2019t HTTP-only Cookies More Widely Deployed? In: Proceedings of 4th Web 2.0 Security and Privacy Workshop, W2SP 2010 (2010)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33338-5_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,9]],"date-time":"2021-08-09T19:07:45Z","timestamp":1628536065000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-33338-5_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642333378","9783642333385"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33338-5_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}