{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T04:10:09Z","timestamp":1746159009203,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642545672"},{"type":"electronic","value":"9783642545689"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-642-54568-9_20","type":"book-chapter","created":{"date-parts":[[2014,3,20]],"date-time":"2014-03-20T14:31:35Z","timestamp":1395325895000},"page":"316-332","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Enforcing Input Validation through Aspect Oriented Programming"],"prefix":"10.1007","author":[{"given":"Gabriel","family":"Serme","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Theodoor","family":"Scholte","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anderson Santana","family":"de Oliveira","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2014,3,21]]},"reference":[{"key":"20_CR1","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., 
Kirda, E., Kruegel, C., Vigna, G.: Saner: composing static and dynamic analysis to validate sanitization in web applications. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP \u201908, pp. 387\u2013401. IEEE Computer Society, Washington, DC (2008). http:\/\/dx.doi.org\/10.1109\/SP.2008.22","DOI":"10.1109\/SP.2008.22"},{"key":"20_CR2","unstructured":"Bernard, E., Peterson, S.: JSR 303: bean validation, bean validation expert group. http:\/\/jcp.org\/aboutJava\/communityprocess\/pfd\/jsr303\/index.html (2009)"},{"key":"20_CR3","unstructured":"Chen, S.: The web application vulnerability scanner evaluation project - v1.2. https:\/\/code.google.com\/p\/wavsep\/ (2012)"},{"key":"20_CR4","unstructured":"Foundation, T.A.S.: Struts 2. http:\/\/struts.apache.org\/ (2011)"},{"key":"20_CR5","doi-asserted-by":"crossref","unstructured":"Hafiz, M., Johnson, R.: Improving perimeter security with security-oriented program transformations. In: ICSE Workshop on Software Engineering for Secure Systems, SESS \u201909, pp. 61\u201367 (2009)","DOI":"10.1109\/IWSESS.2009.5068460"},{"key":"20_CR6","doi-asserted-by":"crossref","unstructured":"Halfond, W.G.J., Orso, A., Manolios, P.: Using positive tainting and syntax-aware evaluation to counter sql injection attacks. In: Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering, SIGSOFT \u201906\/FSE-14, pp. 175\u2013185. ACM, New York http:\/\/doi.acm.org\/10.1145\/1181775.1181797 (2006)","DOI":"10.1145\/1181775.1181797"},{"key":"20_CR7","unstructured":"Hookom, J.: Validating objects through metadata. http:\/\/www.onjava.com\/pub\/a\/onjava\/2005\/01\/19\/metadata_validation.html (2005)"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Huang, Y.W., Yu, F., Hang, C., Tsai, C.H., Lee, D.T., Kuo, S.Y.: Securing web application code by static analysis and runtime protection. In: WWW \u201904: Proceedings of the 13th International Conference on World Wide Web, pp. 
40\u201352. ACM, New York (2004)","DOI":"10.1145\/988672.988679"},{"key":"20_CR9","unstructured":"Imperva: The securesphere web application firewall. http:\/\/www.imperva.com\/products\/wsc_web-application-firewall.html (2011)"},{"key":"20_CR10","unstructured":"Inc., B.N.: The barracuda web application firewall. http:\/\/www.barracudanetworks.com\/ns\/products\/web-site-firewall-overview.php (2011)"},{"key":"20_CR11","doi-asserted-by":"crossref","unstructured":"Ismail, O., Etoh, M., Kadobayashi, Y., Yamaguchi, S.: A proposal and implementation of automatic detection\/collection system for cross-site scripting vulnerability. In: 18th International Conference on Advanced Information Networking and Applications, AINA 2004, vol. 1, pp. 145\u2013151 (2004)","DOI":"10.1109\/AINA.2004.1283902"},{"key":"20_CR12","unstructured":"JBoss: Hibernate validator. http:\/\/hibernate.org\/subprojects\/validator (2011)"},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Jim, T., Swamy, N., Hicks, M.: Defeating script injection attacks with browser-enforced embedded policies. In: Proceedings of the 16th International Conference on World Wide Web, WWW \u201907, pp. 601\u2013610. ACM, New York (2007). http:\/\/doi.acm.org\/10.1145\/1242572.1242654","DOI":"10.1145\/1242572.1242654"},{"key":"20_CR14","doi-asserted-by":"crossref","unstructured":"Johns, M., Beyerlein, C.: Smask: preventing injection attacks in web applications by approximating automatic data\/code separation. In: Proceedings of the 2007 ACM Symposium on Applied Computing, SAC \u201907, pp. 284\u2013291. ACM, New York (2007). http:\/\/doi.acm.org\/10.1145\/1244002.1244071","DOI":"10.1145\/1244002.1244071"},{"key":"20_CR15","series-title":"LNCS","first-page":"96","volume-title":"ESSoS 2010","author":"M Johns","year":"2010","unstructured":"Johns, M., Beyerlein, C., Giesecke, R., Posegga, J.: Secure code generation for web applications. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 
5965, pp. 96\u2013113. Springer, Heidelberg (2010)"},{"key":"20_CR16","first-page":"258","volume-title":"In: SP \u201906: Proceedings of the 2006 IEEE Symposium on Security and Privacy","author":"N Jovanovic","year":"2006","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting web application vulnerabilities (short paper). In: SP \u201906: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp. 258\u2013263. IEEE Computer Society, Washington, DC (2006)"},{"key":"20_CR17","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1145\/1134744.1134751","volume-title":"In: PLAS \u201906: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security","author":"N Jovanovic","year":"2006","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Precise alias analysis for static detection of web application vulnerabilities. In: PLAS \u201906: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, pp. 27\u201336. ACM, New York (2006)"},{"key":"20_CR18","series-title":"LNCS","first-page":"220","volume-title":"ECOOP 1997","author":"G Kiczales","year":"1997","unstructured":"Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C., Loingtier, J.M., Irwin, J.: Aspect-oriented programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220\u2013242. Springer, Heidelberg (1997)"},{"key":"20_CR19","doi-asserted-by":"crossref","unstructured":"Kirda, E., Kr\u00fcgel, C., Vigna, G., Jovanovic, N.: Noxes: a client-side solution for mitigating cross-site scripting attacks. In: SAC\u201906, pp. 330\u2013337 (2006)","DOI":"10.1145\/1141277.1141357"},{"key":"20_CR20","doi-asserted-by":"crossref","unstructured":"Laranjeiro, N., Vieira, M., Madeira, H.: Improving web services robustness. In: IEEE International Conference on Web Services, ICWS 2009, pp. 
397\u2013404 (2009)","DOI":"10.1109\/ICWS.2009.27"},{"key":"20_CR21","unstructured":"Laskos, T.: Arachni 0.4.2 - web application security scanner framework. http:\/\/www.arachni-scanner.com\/ (2013)"},{"key":"20_CR22","first-page":"18","volume-title":"In: SSYM\u201905: Proceedings of the 14th Conference on USENIX Security Symposium","author":"VB Livshits","year":"2005","unstructured":"Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in java applications with static analysis. In: SSYM\u201905: Proceedings of the 14th Conference on USENIX Security Symposium, p. 18. USENIX Association, Berkeley (2005)"},{"key":"20_CR23","doi-asserted-by":"crossref","unstructured":"Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically hardening web applications using precise tainting. In: SEC, pp. 295\u2013308 (2005)","DOI":"10.1007\/0-387-25660-1_20"},{"key":"20_CR24","series-title":"LNCS","first-page":"124","volume-title":"RAID 2005","author":"T Pietraszek","year":"2006","unstructured":"Pietraszek, T., Berghe, C.V.: Defending against injection attacks through context-sensitive string evaluation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 124\u2013145. Springer, Heidelberg (2006)"},{"key":"20_CR25","unstructured":"Riancho, A.: W3af 1.0 - open source web application security scanner. http:\/\/w3af.org\/ (2011)"},{"key":"20_CR26","first-page":"283","volume-title":"In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM\u201909","author":"W Robertson","year":"2009","unstructured":"Robertson, W., Vigna, G.: Static enforcement of web application integrity through strong typing. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM\u201909, pp. 283\u2013298. 
USENIX Association, Berkeley (2009)"},{"issue":"3","key":"20_CR27","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1016\/j.cose.2011.12.013","volume":"31","author":"T Scholte","year":"2012","unstructured":"Scholte, T., Balzarotti, D., Kirda, E.: Have things changed now? an empirical study on input validation vulnerabilities in web applications. Comput. Secur. 31(3), 344\u2013356 (2012)","journal-title":"Comput. Secur."},{"key":"20_CR28","doi-asserted-by":"crossref","unstructured":"Scholte, T., Robertson, W.K., Balzarotti, D., Kirda, E.: Preventing input validation vulnerabilities in web applications through automated type analysis. In: Bai, X., Belli, F., Bertino, E., Chang, C.K., El\u00e7i, A., Seceleanu, C.C., Xie, H., Zulkernine, M. (eds.) COMPSAC, pp. 233\u2013243. IEEE Computer Society (2012)","DOI":"10.1109\/COMPSAC.2012.34"},{"key":"20_CR29","doi-asserted-by":"crossref","unstructured":"Scott, D., Sharp, R.: Abstracting application-level web security. In: Proceedings of the 11th International Conference on World Wide Web, WWW \u201902, pp. 396\u2013407. ACM, New York (2002). http:\/\/doi.acm.org\/10.1145\/511446.511498","DOI":"10.1145\/511446.511498"},{"key":"20_CR30","unstructured":"Source, S.: Spring web mvc. http:\/\/www.springsource.org\/go-webflow2 (2011)"},{"key":"20_CR31","unstructured":"Trustwave: Trustwave webdefend - web application firewall. https:\/\/www.trustwave.com\/web-application-firewall.php (2011)"},{"key":"20_CR32","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kr\u00fcgel, C., Vigna, G.: Cross site scripting prevention with dynamic data tainting and static analysis. In: NDSS. The Internet Society (2007)"},{"key":"20_CR33","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Su, Z.: Sound and precise analysis of web applications for injection vulnerabilities. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI \u201907, pp. 32\u201341. 
ACM, New York (2007). http:\/\/doi.acm.org\/10.1145\/1250734.1250739","DOI":"10.1145\/1250734.1250739"},{"key":"20_CR34","first-page":"171","volume-title":"In: ICSE \u201908: Proceedings of the 30th International Conference on Software Engineering","author":"G Wassermann","year":"2008","unstructured":"Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: ICSE \u201908: Proceedings of the 30th International Conference on Software Engineering, pp. 171\u2013180. ACM, New York (2008)"},{"key":"20_CR35","unstructured":"Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: Proceedings of the 15th Conference on USENIX Security Symposium, vol. 15. USENIX Association, Berkeley (2006). http:\/\/portal.acm.org\/citation.cfm?id=1267336.1267349"}],"container-title":["Lecture Notes in Computer Science","Data Privacy Management and Autonomous Spontaneous Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-54568-9_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T03:30:36Z","timestamp":1746156636000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-54568-9_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783642545672","9783642545689"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-54568-9_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"21 March 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}