{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T10:40:00Z","timestamp":1774435200092,"version":"3.50.1"},"reference-count":75,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2019,4,13]],"date-time":"2019-04-13T00:00:00Z","timestamp":1555113600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["694277"],"award-info":[{"award-number":["694277"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100005416","name":"Research Council of Norway","doi-asserted-by":"crossref","award":["274385"],"award-info":[{"award-number":["274385"]}],"id":[{"id":"10.13039\/501100005416","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1007\/s10664-019-09707-8","type":"journal-article","created":{"date-parts":[[2019,4,13]],"date-time":"2019-04-13T14:02:32Z","timestamp":1555164152000},"page":"3696-3729","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Search-based multi-vulnerability testing of XML injections in web applications"],"prefix":"10.1007","volume":"24","author":[{"given":"Sadeeq","family":"Jan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7395-3588","authenticated-orcid":false,"given":"Annibale","family":"Panichella","sequence":"additional","affiliation":[]},{"given":"Andrea","family":"Arcuri","sequence":"additional","affiliation":[]},{"given":"Lionel","family":"Briand","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,4,13]]},"reference":[{"issue":"6","key":"9707_CR1","doi-asserted-by":"publisher","first-page":"957","DOI":"10.1016\/j.infsof.2008.12.005","volume":"51","author":"W Afzal","year":"2009","unstructured":"Afzal W, Torkar R, Feldt R (2009) A systematic review of search-based testing for non-functional system properties. Inf Softw Technol 51(6):957\u2013976. \nhttps:\/\/doi.org\/10.1016\/j.infsof.2008.12.005","journal-title":"Inf Softw Technol"},{"issue":"3","key":"9707_CR2","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1145\/360018.360025","volume":"19","author":"F. E. Allen","year":"1976","unstructured":"Allen FE, Cocke J (1976) A program data flow analysis procedure. Commun ACM 19(3):137\u2013. \nhttps:\/\/doi.org\/10.1145\/360018.360025","journal-title":"Communications of the ACM"},{"issue":"3","key":"9707_CR3","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1002\/stvr.354","volume":"16","author":"M Alshraideh","year":"2006","unstructured":"Alshraideh M, Bottaci L (2006) Search-based software test data generation for string data using program-specific search operators: Research articles. Softw Test Verif Reliab 16(3):175\u2013203. \nhttps:\/\/doi.org\/10.1002\/stvr.v16:3","journal-title":"Softw Test Verif Reliab"},{"key":"9707_CR4","doi-asserted-by":"crossref","unstructured":"Appelt D, Nguyen C, Briand CL, Alshahwan N (2014) Automated testing for sql injection vulnerabilities: An input mutation approach. In: 2014 international symposium on software testing and analysis, ISSTA 2014 - Proceedings","DOI":"10.1145\/2610384.2610403"},{"key":"9707_CR5","doi-asserted-by":"publisher","unstructured":"Appelt D, Nguyen CD, Briand L (2015) Behind an application firewall, are we safe from SQL injection attacks?. In: 2015 IEEE 8th international conference on software testing, verification and validation (ICST), pp 1\u201310. \nhttps:\/\/doi.org\/10.1109\/ICST.2015.7102581","DOI":"10.1109\/ICST.2015.7102581"},{"key":"9707_CR6","doi-asserted-by":"crossref","unstructured":"Arcuri A (2017) Many independent objective (MIO) algorithm for test suite generation. In: International symposium on search based software engineering (SSBSE)","DOI":"10.1007\/978-3-319-66299-2_1"},{"issue":"3","key":"9707_CR7","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1007\/s10664-013-9249-9","volume":"18","author":"A Arcuri","year":"2013","unstructured":"Arcuri A, Fraser G (2013) Parameter tuning or default values? an empirical investigation in search-based software engineering. Empir Softw Eng 18(3):594\u2013623","journal-title":"Empir Softw Eng"},{"issue":"2","key":"9707_CR8","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1109\/TSE.2011.121","volume":"38","author":"A Arcuri","year":"2012","unstructured":"Arcuri A, Iqbal MZZ, Briand L (2012) Random testing: Theoretical results and practical implications. IEEE Trans Software Eng 38(2):258\u2013277. \nhttps:\/\/doi.org\/10.1109\/TSE.2011.121","journal-title":"IEEE Trans Software Eng"},{"key":"9707_CR9","doi-asserted-by":"publisher","unstructured":"Avancini A, Ceccato M (2010) Towards security testing with taint analysis and genetic algorithms. In: Proceedings of the 2010 ICSE workshop on software engineering for secure systems, SESS \u201910, pp. 65\u201371. \nhttps:\/\/doi.org\/10.1145\/1809100.1809110\n\n. ACM, New York","DOI":"10.1145\/1809100.1809110"},{"key":"9707_CR10","doi-asserted-by":"publisher","unstructured":"Avancini A, Ceccato M (2011) Security testing of web applications: A search-based approach for cross-site scripting vulnerabilities. In: 2011 11th IEEE international working conference on source code analysis and manipulation (SCAM), pp 85\u201394. \nhttps:\/\/doi.org\/10.1109\/SCAM.2011.7","DOI":"10.1109\/SCAM.2011.7"},{"key":"9707_CR11","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-319-26555-1_15","volume-title":"Neural Information Processing","author":"Kavitesh K. Bali","year":"2015","unstructured":"Bali K K, Chandra R (2015) Multi-island competitive cooperative coevolution for real parameter global optimization. In: Arik S., Huang T., Lai W. K., Liu Q. (eds) Neural information processing. Springer International Publishing, Cham, pp 127\u2013136"},{"key":"9707_CR12","doi-asserted-by":"publisher","unstructured":"Bau J, Bursztein E, Gupta D, Mitchell J (2010) State of the art: Automated black-box web application vulnerability testing. In: 2010 IEEE symposium on security and privacy, pp 332\u2013345. \nhttps:\/\/doi.org\/10.1109\/SP.2010.27","DOI":"10.1109\/SP.2010.27"},{"issue":"2","key":"9707_CR13","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/s10710-006-9003-9","volume":"7","author":"L Briand","year":"2006","unstructured":"Briand L, Labiche Y, Shousha M (2006) Using genetic algorithms for early schedulability analysis and stress testing in real-time systems. Genet Program Evolvable Mach 7(2):145\u2013170. \nhttps:\/\/doi.org\/10.1007\/s10710-006-9003-9","journal-title":"Genet Program Evolvable Mach"},{"key":"9707_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11761-013-0139-1","volume":"8","author":"J Chen","year":"2014","unstructured":"Chen J, Li Q, Mao C, Towey D, Zhan Y, Wang H (2014) A web services vulnerability testing approach based on combinatorial mutation and soap message mutation. Service Oriented Computing and Applications 8:1\u201313. \nhttps:\/\/doi.org\/10.1007\/s11761-013-0139-1\n\n. \nhttp:\/\/link.springer.com\/article\/10.1007\/s11761-013-0139-1","journal-title":"Service Oriented Computing and Applications"},{"key":"9707_CR15","unstructured":"Chen Q, Liu B, Zhang Q, Liang J, Suganthan P, Qu B (2014) Problem definition and evaluation criteria for cec 2015 special session and competition on bound constrained single-objective computationally expensive numerical optimization. Tech rep"},{"key":"9707_CR16","unstructured":"Chess B, West J (2007) Secure programming with static analysis, first edn Addison-Wesley Professional"},{"key":"9707_CR17","doi-asserted-by":"publisher","unstructured":"Chunlei W, Li L, Qiang L (2014) Automatic fuzz testing of web service vulnerability. In: 2014 international conference on information and communications technologies (ICT 2014), pp. 1\u20136. \nhttps:\/\/doi.org\/10.1049\/cp.2014.0589","DOI":"10.1049\/cp.2014.0589"},{"key":"9707_CR18","doi-asserted-by":"publisher","unstructured":"Clause J, Orso A (2009) Penumbra: Automatically identifying failure-relevant inputs using dynamic tainting. In: Proceedings of the 18th international symposium on software testing and analysis, ISSTA \u201909. \nhttps:\/\/doi.org\/10.1145\/1572272.1572301\n\n. ACM, New York, pp 249\u2013260","DOI":"10.1145\/1572272.1572301"},{"issue":"2","key":"9707_CR19","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1109\/4236.991449","volume":"6","author":"F Curbera","year":"2002","unstructured":"Curbera F, Duftler M, Khalaf R, Nagy W, Mukhi N, Weerawarana S (2002) Unraveling the web services web: an introduction to soap, wsdl, and uddi. IEEE Internet Comput 6(2):86\u201393","journal-title":"IEEE Internet Comput"},{"key":"9707_CR20","unstructured":"Davis P J, Rabinowitz P (2007) Methods of numerical integration. Courier Corporation"},{"key":"9707_CR21","unstructured":"De Jong KA (1975) An analysis of the behavior of a class of genetic adaptive systems, Ph.D. thesis, Ann Arbor. AAI7609381"},{"issue":"1","key":"9707_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1504\/IJAISC.2014.059280","volume":"4","author":"K Deb","year":"2014","unstructured":"Deb K, Deb D (2014) Analysing mutation schemes for real-parameter genetic algorithms. Int J Artif Intelligence Soft Comput 4(1):1\u201328","journal-title":"Int J Artif Intelligence Soft Comput"},{"issue":"2","key":"9707_CR23","doi-asserted-by":"publisher","first-page":"182","DOI":"10.1109\/4235.996017","volume":"6","author":"K Deb","year":"2002","unstructured":"Deb K, Pratap A, Agarwal S, Meyarivan T (2002) A fast and elitist multiobjective genetic algorithm: Nsga-ii. IEEE Trans Evol Comput 6(2):182\u2013197. \nhttps:\/\/doi.org\/10.1109\/4235.996017","journal-title":"IEEE Trans Evol Comput"},{"issue":"10","key":"9707_CR24","doi-asserted-by":"publisher","first-page":"3125","DOI":"10.1016\/j.cor.2007.01.013","volume":"35","author":"C Del Grosso","year":"2008","unstructured":"Del Grosso C, Antoniol G, Merlo E, Galinier P (2008) Detecting buffer overflow via automatic test input data generation. Comput Oper Res 35(10):3125\u20133143. \nhttps:\/\/doi.org\/10.1016\/j.cor.2007.01.013","journal-title":"Comput Oper Res"},{"key":"9707_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/bs.adcom.2015.11.003","volume":"101","author":"M Felderer","year":"2016","unstructured":"Felderer M, B\u00fcchler M, Johns M, Brucker AD, Breu R, Pretschner A (2016) Chapter one-security testing: a survey. Adv Comput 101:1\u201351","journal-title":"Adv Comput"},{"key":"9707_CR26","volume-title":"Architectural styles and the design of network-based software architectures. Ph.D. thesis","author":"RT Fielding","year":"2000","unstructured":"Fielding R T (2000) Architectural styles and the design of network-based software architectures. Ph.D. thesis. University of California, Irvine"},{"issue":"2","key":"9707_CR27","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1145\/2685612","volume":"24","author":"G Fraser","year":"2014","unstructured":"Fraser G, Arcuri A (2014) A large-scale evaluation of automated unit test generation using EvoSuite. ACM Trans Softw Eng Methodol (TOSEM) 24(2):8","journal-title":"ACM Trans Softw Eng Methodol (TOSEM)"},{"key":"9707_CR28","unstructured":"Gallagher T (2008) Automated detection of cross site scripting vulnerabilities. \nhttps:\/\/www.google.com\/patents\/US7343626\n\n. US Patent 7,343,626"},{"issue":"6","key":"9707_CR29","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/s10732-008-9080-4","volume":"15","author":"S Garc\u00eda","year":"2008","unstructured":"Garc\u00eda S, Molina D, Lozano M, Herrera F (2008) A study on the use of non-parametric tests for analyzing the evolutionary algorithms\u2019 behaviour: a case study on the cec\u20192005 special session on real parameter optimization. J Heuristics 15(6):617. \nhttps:\/\/doi.org\/10.1007\/s10732-008-9080-4","journal-title":"J Heuristics"},{"issue":"1","key":"9707_CR30","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1109\/TEVC.2008.920671","volume":"13","author":"CK Goh","year":"2009","unstructured":"Goh CK, Tan KC (2009) A competitive-cooperative coevolutionary paradigm for dynamic multiobjective optimization. IEEE Trans Evol Comput 13(1):103\u2013127. \nhttps:\/\/doi.org\/10.1109\/TEVC.2008.920671","journal-title":"IEEE Trans Evol Comput"},{"issue":"1","key":"9707_CR31","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1109\/TSMC.1986.289288","volume":"16","author":"J Grefenstette","year":"1986","unstructured":"Grefenstette J (1986) Optimization of control parameters for genetic algorithms. IEEE Trans Syst Man Cybern Syst 16(1):122\u2013128. \nhttps:\/\/doi.org\/10.1109\/TSMC.1986.289288","journal-title":"IEEE Trans Syst Man Cybern Syst"},{"issue":"1","key":"9707_CR32","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1109\/TSE.2007.70748","volume":"34","author":"W Halfond","year":"2008","unstructured":"Halfond W, Orso A, Manolios P (2008) Wasp: Protecting web applications using positive tainting and syntax-aware evaluation. IEEE Trans Softw Eng 34(1):65\u201381. \nhttps:\/\/doi.org\/10.1109\/TSE.2007.70748","journal-title":"IEEE Trans Softw Eng"},{"key":"9707_CR33","doi-asserted-by":"publisher","unstructured":"Halfond WGJ, Orso A, Manolios P (2006) Using positive tainting and syntax-aware evaluation to counter sql injection attacks. In: Proceedings of the 14th ACM SIGSOFT international symposium on foundations of software engineering, SIGSOFT \u201906\/FSE-14. \nhttps:\/\/doi.org\/10.1145\/1181775.1181797\n\n. ACM, New York, pp 175\u2013185","DOI":"10.1145\/1181775.1181797"},{"key":"9707_CR34","doi-asserted-by":"publisher","unstructured":"Harman M (2007) The current state and future of search based software engineering. In: 2007 future of software engineering, FOSE \u201907. \nhttps:\/\/doi.org\/10.1109\/FOSE.2007.29\n\n. IEEE Computer Society, Washington, pp 342\u2013357","DOI":"10.1109\/FOSE.2007.29"},{"issue":"2","key":"9707_CR35","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1109\/TSE.2009.71","volume":"36","author":"M Harman","year":"2010","unstructured":"Harman M, McMinn P (2010) A theoretical and empirical study of search-based testing: Local, global, and hybrid search. IEEE Trans Softw Eng 36(2):226\u2013247. \nhttps:\/\/doi.org\/10.1109\/TSE.2009.71","journal-title":"IEEE Trans Softw Eng"},{"key":"9707_CR36","volume-title":"Practical genetic algorithms","author":"RL Haupt","year":"2004","unstructured":"Haupt R L, Haupt S E (2004) Practical genetic algorithms. Wiley, New York"},{"key":"9707_CR37","unstructured":"Holm S (1979) A simple sequentially rejective multiple test procedure. Scandinavian journal of statistics, pp 65\u201370"},{"issue":"5","key":"9707_CR38","doi-asserted-by":"publisher","first-page":"739","DOI":"10.1016\/j.comnet.2005.01.003","volume":"48","author":"YW Huang","year":"2005","unstructured":"Huang YW, Tsai CH, Lin TP, Huang SK, Lee D, Kuo SY (2005) A testing framework for web application security assessment. Comput Netw 48 (5):739\u2013761. \nhttps:\/\/doi.org\/10.1016\/j.comnet.2005.01.003\n\n. \nhttp:\/\/www.sciencedirect.com\/science\/article\/pii\/S1389128605000101\n\n. Web Security","journal-title":"Comput Netw"},{"key":"9707_CR39","doi-asserted-by":"publisher","unstructured":"Huang YW, Yu F, Hang C, Tsai CH, Lee DT, Kuo SY (2004) Securing web application code by static analysis and runtime protection. In: Proceedings of the 13th international conference on world wide web, WWW \u201904. \nhttps:\/\/doi.org\/10.1145\/988672.988679\n\n. ACM, New York, pp 40\u201352","DOI":"10.1145\/988672.988679"},{"key":"9707_CR40","doi-asserted-by":"crossref","unstructured":"Jan S, Nguyen C D, Arcuri A, Briand L (2017a) A search-based testing approach for xml injection vulnerabilities in web applications. In: Proceedings of the 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017)","DOI":"10.1109\/ICST.2017.39"},{"key":"9707_CR41","doi-asserted-by":"publisher","unstructured":"Jan S, Nguyen C D, Briand L (2015) Known XML vulnerabilities are still a threat to popular parsers and open source systems. In: 2015 IEEE international conference on software quality, reliability and security (QRS), pp 233\u2013241. \nhttps:\/\/doi.org\/10.1109\/QRS.2015.42","DOI":"10.1109\/QRS.2015.42"},{"key":"9707_CR42","doi-asserted-by":"crossref","unstructured":"Jan S, Nguyen CD, Briand L (2016) Automated and effective testing of web services for XML injection attacks. In: Proceedings of the 2016 international symposium on software testing and analysis (ISSTA)","DOI":"10.1145\/2931037.2931042"},{"issue":"4","key":"9707_CR43","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1109\/TSE.2017.2778711","volume":"45","author":"Sadeeq Jan","year":"2019","unstructured":"Jan S, Panichella A, Arcuri A, Briand L (2017b) Automatic generation of tests to exploit xml injection vulnerabilities in web applications. IEEE Trans Softw Eng PP(99):1\u20131. \nhttps:\/\/doi.org\/10.1109\/TSE.2017.2778711","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9707_CR44","doi-asserted-by":"crossref","unstructured":"Jansen T (2002) On the analysis of dynamic restart strategies for evolutionary algorithms. In: PPSN, vol 2, pp 33\u201343. Springer","DOI":"10.1007\/3-540-45712-7_4"},{"key":"9707_CR45","doi-asserted-by":"publisher","unstructured":"Jovanovic N, Kruegel C, Kirda E (2006) Pixy: a static analysis tool for detecting web application vulnerabilities. In: 2006 IEEE symposium on security and privacy (S P\u201906), pp 6 pp\u2013263. \nhttps:\/\/doi.org\/10.1109\/SP.2006.29","DOI":"10.1109\/SP.2006.29"},{"key":"9707_CR46","doi-asserted-by":"publisher","unstructured":"Jovanovic N, Kruegel C, Kirda E (2006) Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In: Proceedings of the 2006 IEEE symposium on security and privacy, SP \u201906. \nhttps:\/\/doi.org\/10.1109\/SP.2006.29\n\n. IEEE Computer Society, Washington, pp 258\u2013263","DOI":"10.1109\/SP.2006.29"},{"key":"9707_CR47","doi-asserted-by":"publisher","unstructured":"Junjin M (2009) An approach for sql injection vulnerability detection. In: 6th international conference on information technology: New generations, 2009. ITNG \u201909, pp 1411\u20131414. \nhttps:\/\/doi.org\/10.1109\/ITNG.2009.34","DOI":"10.1109\/ITNG.2009.34"},{"key":"9707_CR48","first-page":"288","volume":"VII","author":"N Keerativuttitumrong","year":"2002","unstructured":"Keerativuttitumrong N, Chaiyaratana N, Varavithya V (2002) Multi-objective co-operative co-evolutionary genetic algorithm. Parallel Problem Solving from Nature\u2014PPSN VII:288\u2013297","journal-title":"Parallel Problem Solving from Nature\u2014PPSN"},{"key":"9707_CR49","doi-asserted-by":"publisher","unstructured":"Kieyzun A, Guo P J, Jayaraman K, Ernst M D (2009) Automatic creation of sql injection and cross-site scripting attacks. In: 2009 IEEE 31st international conference on software engineering, pp 199\u2013209. \nhttps:\/\/doi.org\/10.1109\/ICSE.2009.5070521","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"9707_CR50","doi-asserted-by":"crossref","unstructured":"Kosuga Y, Kono K, Hanaoka M, Hishiyama M, Takahama Y (2007) Sania: Syntactic and semantic analysis for automated testing against sql injection. In: 23rd annual computer security applications conference (ACSAC 2007), pp 107\u2013117","DOI":"10.1109\/ACSAC.2007.20"},{"issue":"2","key":"9707_CR51","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1016\/j.jss.2007.05.007","volume":"81","author":"H Liu","year":"2008","unstructured":"Liu H, Tan HBK (2008) Testing input validation in web applications through automated model recovery. J Syst Softw 81(2):222\u2013233. Model-Based Software Testing","journal-title":"J Syst Softw"},{"key":"9707_CR52","unstructured":"Livshits VB, Lam MS (2005) Finding security vulnerabilities in java applications with static analysis. In: Proceedings of the 14th conference on USENIX security symposium - Volume 14, SSYM\u201905. \nhttp:\/\/dl.acm.org\/citation.cfm?id=1251398.1251416\n\n. USENIX Association, Berkeley, pp 18\u201318"},{"key":"9707_CR53","unstructured":"Magical Code Injection Rainbow (MCIR) (2016) \nhttps:\/\/github.com\/SpiderLabs\/MCIR\/\n\n. Accessed: 2016-04-26"},{"key":"9707_CR54","doi-asserted-by":"publisher","unstructured":"Mainka C, Somorovsky J, Schwenk J (2012) Penetration testing tool for web services security. In: 2012 IEEE 8th world congress on services (SERVICES), pp 163\u2013170. \nhttps:\/\/doi.org\/10.1109\/SERVICES.2012.7","DOI":"10.1109\/SERVICES.2012.7"},{"issue":"2","key":"9707_CR55","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1002\/stvr.294","volume":"14","author":"P McMinn","year":"2004","unstructured":"McMinn P (2004) Search-based software test data generation: A survey. Software Testing Verification and Reliability 14(2):105\u2013156","journal-title":"Software Testing Verification and Reliability"},{"issue":"2","key":"9707_CR56","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1002\/stvr.294","volume":"14","author":"P McMinn","year":"2004","unstructured":"McMinn P (2004) Search-based software test data generation: A survey. Softw Test Verif Reliab 14(2):105\u2013156. \nhttps:\/\/doi.org\/10.1002\/stvr.v14:2","journal-title":"Softw Test Verif Reliab"},{"key":"9707_CR57","unstructured":"Newman S (2015) Building microservices. \u201d O\u2019Reilly Media Inc.\u201d"},{"key":"9707_CR58","unstructured":"OWASP (2016) \nhttps:\/\/www.owasp.org\/index.php\n\n. Accessed: 2016-04-26"},{"key":"9707_CR59","doi-asserted-by":"crossref","unstructured":"Panichella A, Kifetew F, Tonella P (2017) Automated test case generation as a many-objective optimisation problem with dynamic selection of the targets. IEEE Transactions on Software Engineering. To appear","DOI":"10.1109\/TSE.2017.2663435"},{"key":"9707_CR60","doi-asserted-by":"crossref","unstructured":"Panichella A, Kifetew F M, Tonella P (2015) Reformulating branch coverage as a many-objective optimization problem. In: 2015 IEEE 8th international conference on software testing, verification and validation (ICST), pp 1\u201310. IEEE","DOI":"10.1109\/ICST.2015.7102604"},{"key":"9707_CR61","doi-asserted-by":"publisher","unstructured":"Panichella A, Molina U R (2017) Java unit testing tool competition - fifth round. In: 10th IEEE\/ACM international workshop on search-based software testing (SBST), pp 32\u201338. \nhttps:\/\/doi.org\/10.1109\/SBST.2017.7","DOI":"10.1109\/SBST.2017.7"},{"key":"9707_CR62","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/3-540-58484-6_269","volume-title":"Parallel Problem Solving from Nature \u2014 PPSN III","author":"Mitchell A. Potter","year":"1994","unstructured":"Potter M A, De Jong K A (1994) A cooperative coevolutionary approach to function optimization. In: Davidor Y, Schwefel HP, M\u00e4nner R (eds) Parallel problem solving from nature \u2014 PPSN III. Springer, Berlin, pp 249\u2013257"},{"key":"9707_CR63","doi-asserted-by":"publisher","unstructured":"Rawat S, Mounier L (2011) Offset-aware mutation based fuzzing for buffer overflow vulnerabilities: Few preliminary results. In: 2011 IEEE 4th international conference on software testing, verification and validation workshops (ICSTW), pp 531\u2013533. \nhttps:\/\/doi.org\/10.1109\/ICSTW.2011.9","DOI":"10.1109\/ICSTW.2011.9"},{"issue":"4","key":"9707_CR64","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1109\/MSP.2012.83","volume":"11","author":"T Rosa","year":"2013","unstructured":"Rosa T, Santin A, Malucelli A (2013) Mitigating XML injection 0-day attacks through strategy-based detection systems. IEEE Secur Priv 11(4):46\u201353. \nhttps:\/\/doi.org\/10.1109\/MSP.2012.83","journal-title":"IEEE Secur Priv"},{"key":"9707_CR65","unstructured":"Schaffer J D, Caruana R A, Eshelman L J, Das R (1989) A study of control parameters affecting online performance of genetic algorithms for function optimization. In: Proceedings of the third international conference on Genetic algorithms, pp. 51\u201360. Morgan Kaufmann Publishers Inc"},{"key":"9707_CR66","unstructured":"Sharma SRVR, Gonzalez D (2017) Microservices: Building Scalable Software. Packt Publishing. \nhttps:\/\/books.google.lu\/books?id=zU8oDwAAQBAJ"},{"key":"9707_CR67","doi-asserted-by":"crossref","unstructured":"Smith J E, Fogarty T C (1996) Adaptively parameterised evolutionary systems: Self adaptive recombination and mutation in a genetic algorithm. In: Parallel problem solving from nature\u2014PPSN IV, pp 441\u2013450. Springer","DOI":"10.1007\/3-540-61723-X_1008"},{"issue":"1","key":"9707_CR68","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1109\/TSE.1986.6312929","volume":"12","author":"RE Strom","year":"1986","unstructured":"Strom RE, Yemini S (1986) Typestate: A programming language concept for enhancing software reliability. IEEE Trans Softw Eng 12(1):157\u2013171. \nhttps:\/\/doi.org\/10.1109\/TSE.1986.6312929","journal-title":"IEEE Trans Softw Eng"},{"issue":"5","key":"9707_CR69","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1109\/TEVC.2005.860762","volume":"10","author":"KC Tan","year":"2006","unstructured":"Tan KC, Yang YJ, Goh CK (2006) A distributed cooperative coevolutionary algorithm for multiobjective optimization. Trans Evol Comp 10(5):527\u2013549. \nhttps:\/\/doi.org\/10.1109\/TEVC.2005.860762","journal-title":"Trans Evol Comp"},{"key":"9707_CR70","unstructured":"Testing for XML Injection (2016) \nhttps:\/\/www.owasp.org\/index.php\/Testing_for_XML_Injection_(OTG-INPVAL-008)\n\n. Accessed: 2016-04-26"},{"key":"9707_CR71","doi-asserted-by":"publisher","unstructured":"Thom\u00e9 J, Gorla A, Zeller A (2014) Search-based security testing of web applications. In: Proceedings of the 7th international workshop on search-based software testing, SBST 2014. \nhttps:\/\/doi.org\/10.1145\/2593833.2593835\n\n. ACM, New York, pp 5\u201314","DOI":"10.1145\/2593833.2593835"},{"key":"9707_CR72","doi-asserted-by":"publisher","unstructured":"T\u00fcrpe S (2011) Search-Based Application Security Testing: Towards a Structured Search Space. In: 2011 IEEE 4th international conference on software testing, verification and validation workshops (ICSTW), pp 198\u2013201. \nhttps:\/\/doi.org\/10.1109\/ICSTW.2011.96","DOI":"10.1109\/ICSTW.2011.96"},{"issue":"6","key":"9707_CR73","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/1273442.1250739","volume":"42","author":"G Wassermann","year":"2007","unstructured":"Wassermann G, Su Z (2007) Sound and precise analysis of web applications for injection vulnerabilities. SIGPLAN Not 42(6):32\u201341. \nhttps:\/\/doi.org\/10.1145\/1273442.1250739","journal-title":"SIGPLAN Not"},{"key":"9707_CR74","unstructured":"Williams J, Wichers D (2013) Owasp, top 10, the ten most critical web application security risks. Tech. rep., The Open Web Application Security Project"},{"key":"9707_CR75","unstructured":"WSFuzzer Tool (2016) \nhttps:\/\/www.owasp.org\/index.php\/Category:OWASP_WSFuzzer_Project\n\n. Accessed: 2016-04-26"}],"updated-by":[{"DOI":"10.1007\/s10664-019-09732-7","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2019,6,7]],"date-time":"2019-06-07T00:00:00Z","timestamp":1559865600000}}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-019-09707-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10664-019-09707-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-019-09707-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,11]],"date-time":"2020-04-11T23:28:02Z","timestamp":1586647682000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10664-019-09707-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,13]]},"references-count":75,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["9707"],"URL":"https:\/\/doi.org\/10.1007\/s10664-019-09707-8","relation":{"correction":[{"id-type":"doi","id":"10.1007\/s10664-019-09732-7","asserted-by":"object"}]},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,13]]},"assertion":[{"value":"13 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 June 2019","order":2,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":3,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The article Search-based multi-vulnerability testing of XML injections in web applications, written by Sadeeq Jan, Annibale Panichella, Andrea Arcuri, and Lionel Briand, was originally published electronically on the publisher\u2019s internet portal (currently SpringerLink) on May 2019 without open access.","order":4,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}]}}