{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T10:33:57Z","timestamp":1725705237017},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642350627"},{"type":"electronic","value":"9783642350634"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-35063-4_30","type":"book-chapter","created":{"date-parts":[[2012,11,6]],"date-time":"2012-11-06T20:36:15Z","timestamp":1352234175000},"page":"411-425","source":"Crossref","is-referenced-by-count":6,"title":["VAM-aaS: Online Cloud Services Security Vulnerability Analysis and Mitigation-as-a-Service"],"prefix":"10.1007","author":[{"given":"Mohamed","family":"Almorsy","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Grundy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amani S.","family":"Ibrahim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"30_CR1","unstructured":"Almorsy, M., Grundy, J., Mueller, I.: An analysis of the cloud computing security problem. In: Asia Pacific Cloud Workshop, APSEC 2010, Sydney, Australia (2010)"},{"key":"30_CR2","doi-asserted-by":"crossref","unstructured":"Bau, J., et al.: State of the Art: Automated Black-Box Web Application Vulnerability Testing. In: 2010 IEEE Symposium on Security and Privacy (2010)","DOI":"10.1109\/SP.2010.27"},{"key":"30_CR3","first-page":"247","volume-title":"Proc. of 15th Int. Conf. on World Wide, Web 2006","author":"S. Kals","year":"2006","unstructured":"Kals, S., et al.: SecuBat: a web vulnerability scanner. In: Proc. of 15th Int. Conf. on World Wide, Web 2006, pp. 247\u2013256. ACM, Edinburgh (2006)"},{"key":"30_CR4","unstructured":"Felmetsger, V., et al.: Toward automated detection of logic vulnerabilities in web applications. In: 19th USENIX Conf. on Security, Washington, DC (2010)"},{"key":"30_CR5","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting Web application vulnerabilities. In: IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.29"},{"key":"30_CR6","doi-asserted-by":"crossref","unstructured":"Dasgupta, A., Narasayya, V., Syamala, M.: A Static Analysis Framework for Database Applications. In: 2009 IEEE Int. Conf. on Data Engineering (2009)","DOI":"10.1109\/ICDE.2009.98"},{"key":"30_CR7","doi-asserted-by":"crossref","unstructured":"Martin, M., Livshits, B., Lam, M.: Finding application errors and security flaws using PQL: a program query language. In: 20th Conf. on Object-oriented Programming, Systems, Languages, and Applications, CA, USA (2005)","DOI":"10.1145\/1094811.1094840"},{"key":"30_CR8","doi-asserted-by":"crossref","unstructured":"Lam, M.S., et al.: Securing web applications with static and dynamic information flow tracking. In: Symposium on Partial Evaluation and Semantics-based Program Manipulation, California, USA (2008)","DOI":"10.1145\/1328408.1328410"},{"key":"30_CR9","doi-asserted-by":"crossref","unstructured":"Kieyzun, A., et al.: Automatic creation of SQL Injection and cross-site scripting attacks. In: 31st Int. Conf. on Software Engineering (2009)","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"30_CR10","doi-asserted-by":"crossref","unstructured":"Halfond, W.G.J., Orso, A., Manolios, P.: Using positive tainting and syntax-aware evaluation to counter SQL injection attacks. In: 14th Int. Symposium on Foundations of Software Engineering, Oregon, USA (2006)","DOI":"10.1145\/1181775.1181797"},{"key":"30_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-642-23822-2_9","volume-title":"Computer Security \u2013 ESORICS 2011","author":"J. Weinberger","year":"2011","unstructured":"Weinberger, J., Saxena, P., Akhawe, D., Finifter, M., Shin, R., Song, D.: A Systematic Analysis of XSS Sanitization in Web Application Frameworks. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol.\u00a06879, pp. 150\u2013171. Springer, Heidelberg (2011)"},{"key":"30_CR12","volume-title":"30th Int. Conf. on Software Engineering","author":"G. Wassermann","year":"2008","unstructured":"Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: 30th Int. Conf. on Software Engineering. ACM, Leipzig (2008)"},{"key":"30_CR13","first-page":"1","volume-title":"20th USENIX Conf. on Security 2011","author":"P. Hooimeijer","year":"2011","unstructured":"Hooimeijer, P., et al.: Fast and precise sanitizer analysis with BEK. In: 20th USENIX Conf. on Security 2011, p. 1. USENIX Association, San Francisco (2011)"},{"key":"30_CR14","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., et al.: Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. In: IEEE Security and Privacy (2008)","DOI":"10.1109\/SP.2008.22"},{"key":"30_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-22110-1_1","volume-title":"Computer Aided Verification","author":"V. Ganesh","year":"2011","unstructured":"Ganesh, V., Kie\u017cun, A., Artzi, S., Guo, P.J., Hooimeijer, P., Ernst, M.: HAMPI: A String Solver for Testing, Analysis and Vulnerability Detection. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol.\u00a06806, pp. 1\u201319. Springer, Heidelberg (2011)"},{"key":"30_CR16","doi-asserted-by":"crossref","unstructured":"Monga, M., Paleari, R., Passerini, E.: A hybrid analysis framework for detecting web application vulnerabilities. In: 2009 ICSE Workshop on Software Engineering for Secure Systems, pp. 25\u201332 (2009)","DOI":"10.1109\/IWSESS.2009.5068455"},{"key":"30_CR17","doi-asserted-by":"crossref","unstructured":"Zhang, R., et al.: Static program analysis assisted dynamic taint tracking for software vulnerability discovery. In: Computers & Mathematics with Application, pp. 469\u2013480 (2012)","DOI":"10.1016\/j.camwa.2011.08.001"},{"key":"30_CR18","unstructured":"NIST: Source Code Security Analysis Tool Functional Specification Version 1.1. In: NIST Special Publication 500-268 (May 2007) (accessed 2011)"},{"key":"30_CR19","doi-asserted-by":"crossref","unstructured":"Wurzinger, P., et al.: SWAP: mitigating XSS attacks using a reverse proxy. In: ICSE Workshop on Software Engineering for Secure Systems, Vancouver, pp. 33\u201339 (2009)","DOI":"10.1109\/IWSESS.2009.5068456"},{"key":"30_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-540-70542-0_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"P. Bisht","year":"2008","unstructured":"Bisht, P., Venkatakrishnan, V.N.: XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 23\u201343. Springer, Heidelberg (2008)"},{"key":"30_CR21","doi-asserted-by":"crossref","unstructured":"Kotha, R., Prasad, K., Naik, D.: Analysis of XSS attack Mitigation techniques based on Platforms and Browsers. In: SEA, CLOUD, DKMP, CS & IT, vol.\u00a05, pp. 395\u2013405 (2012)","DOI":"10.5121\/csit.2012.2240"},{"key":"30_CR22","unstructured":"Vogt, P., et al.: Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: Network and Distributed System Security Symposium, San Diego, CA (2007)"},{"key":"30_CR23","unstructured":"CENZIC: Web Applications Security Trends Reports Q1-Q2 2010 (2010), \n                    \n                      cenzic.com\/downloads\/Cenzic_AppSecTrends_Q1-Q2-2010.pdf"},{"key":"30_CR24","unstructured":"OWASP: Open Web Application Security Project, \n                    \n                      https:\/\/www.owasp.org"},{"key":"30_CR25","unstructured":"CWE: Common Weaknesses Enumeration, \n                    \n                      http:\/\/cwe.mitre.org"},{"key":"30_CR26","unstructured":"SharpDevelop, \n                    \n                      http:\/\/wiki.sharpdevelop.net\/"},{"key":"30_CR27","unstructured":"Yiihaw:YIIHAW Is an Intelligent and High-performing Aspect Weave, \n                    \n                      http:\/\/yiihaw.tigris.org\/"}],"container-title":["Lecture Notes in Computer Science","Web Information Systems Engineering - WISE 2012"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-35063-4_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,8]],"date-time":"2019-05-08T14:57:38Z","timestamp":1557327458000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-35063-4_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642350627","9783642350634"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-35063-4_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}