{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,10,24]],"date-time":"2023-10-24T22:56:48Z","timestamp":1698188208256},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2014,9,29]],"date-time":"2014-09-29T00:00:00Z","timestamp":1411948800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Sci. China Inf. Sci."],"published-print":{"date-parts":[[2015,1]]},"DOI":"10.1007\/s11432-014-5145-1","type":"journal-article","created":{"date-parts":[[2014,9,29]],"date-time":"2014-09-29T16:06:42Z","timestamp":1412006802000},"page":"1-14","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["XAS: Cross-API scripting attacks in social ecosystems"],"prefix":"10.1007","volume":"58","author":[{"given":"YuQing","family":"Zhang","sequence":"first","affiliation":[]},{"given":"QiXu","family":"Liu","sequence":"additional","affiliation":[]},{"given":"QiHan","family":"Luo","sequence":"additional","affiliation":[]},{"given":"XiaLi","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,9,29]]},"reference":[{"key":"5145_CR1","volume-title":"Architectural styles and the design of network-based software architectures","author":"T F Roy","year":"2000","unstructured":"Roy T F. Architectural styles and the design of network-based software architectures. Doctoral Dissertation, University of California, Irvine, 2000"},{"key":"5145_CR2","volume-title":"Twitter API ripe for abuse by web worms","author":"N Ryan","year":"2009","unstructured":"Ryan N. Twitter API ripe for abuse by web worms. 2009. Online available at: http:\/\/www.zdnet.com\/blog\/security\/twitter-api-ripe-for-abuse-by-web-worms\/3451"},{"key":"5145_CR3","volume-title":"Facebook mobile API XSS vulnerability used to launch spam worm","author":"Softpedia.com News.","year":"2011","unstructured":"Softpedia.com News. Facebook mobile API XSS vulnerability used to launch spam worm. 2011. Online available at: http:\/\/cyberinsecure.com\/facebook-mobile-api-xss-vulnerability-used-to-launch-spam-worm\/"},{"key":"5145_CR4","volume-title":"Exploitation of \u201cself-only\u201d Cross-Site Scripting in Google code","author":"N Amol","year":"2011","unstructured":"Amol N. Exploitation of \u201cself-only\u201d Cross-Site Scripting in Google code. 2011. Online available at: http:\/\/www.exploitdb.com\/downloadpdf\/17017\/"},{"key":"5145_CR5","first-page":"420","volume-title":"Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago","author":"B Hristo","year":"2009","unstructured":"Hristo B, Elie B, Dan B. XCS: Cross channel scripting and its impact on web applications. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 2009. 420\u2013431"},{"key":"5145_CR6","volume-title":"Proceedings of the Network and Distributed System Security Symposium, San Diego","author":"B Adam","year":"2010","unstructured":"Adam B, Adrienne P F, Prateek S, et al. Protecting browsers from extension vulnerabilities. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2010"},{"key":"5145_CR7","volume-title":"Opera extensions: Quick documentation overview","author":"Opera.","year":"2010","unstructured":"Opera. Opera extensions: Quick documentation overview. 2010. Online available at: http:\/\/dev.opera.com\/articles\/view\/opera-extensions-quick-documentation-overview\/"},{"key":"5145_CR8","volume-title":"Web application vulnerabilities in context of browser extensions","author":"I Taras","year":"2011","unstructured":"Taras I. Web application vulnerabilities in context of browser extensions. 2011. Online available at: http:\/\/oxdef.info\/papers\/ext\/chrome.html"},{"key":"5145_CR9","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)","author":"L Liu","year":"2012","unstructured":"Liu L, Zhang X W, Yan G H, et al. Chrome extensions: Threat analysis and countermeasures. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), 2012"},{"key":"5145_CR10","volume-title":"Security-Assessment.com White Paper","author":"S L Roberto","year":"2010","unstructured":"Roberto S L. Cross context scripting with Firefox. Security-Assessment.com White Paper, 2010"},{"key":"5145_CR11","volume-title":"Black Hat 2008 USA, Las Vegas","author":"H Robert","year":"2008","unstructured":"Robert H, Tom S. Xploiting Google gadgets: Gmailware and beyond. In: Black Hat 2008 USA, Las Vegas, 2008"},{"key":"5145_CR12","volume-title":"Why Facebook should police their API","author":"A Jason","year":"2011","unstructured":"Jason A. Why Facebook should police their API. 2011. Online available at: http:\/\/www.bandwidthblog.com\/2011\/05\/05\/why-facebook-should-police-their-api\/"},{"key":"5145_CR13","volume-title":"OAuth Core 1.0 Revision A","author":"A Mark","year":"2009","unstructured":"Mark A, Dirk B, Darren B, et al. OAuth Core 1.0 Revision A. 2009. Online available at: http:\/\/oauth.net\/core\/1.0a\/"},{"key":"5145_CR14","volume-title":"RFC 5849, The OAuth 1.0 Protocol","author":"E Hammer-Lahav","year":"2010","unstructured":"Hammer-Lahav E. RFC 5849, The OAuth 1.0 Protocol. 2010. Online available at: http:\/\/tools.ietf.org\/html\/rfc5849"},{"key":"5145_CR15","volume-title":"The OAuth 2.0 Authorization Protocol","author":"E Hammer-Lahav","year":"2011","unstructured":"Hammer-Lahav E. The OAuth 2.0 Authorization Protocol. 2011. Online available at: http:\/\/tools.ietf.org\/html\/draftietf-oauth-v2-22"},{"key":"5145_CR16","volume-title":"Proceedings of the 30th IEEE Symposium on Security & Privacy","author":"T L Mike","year":"2009","unstructured":"Mike T L, Venkatakrishnan V N. BLUEPRINT-robust prevention of cross-site scripting attacks for existing browsers. In: Proceedings of the 30th IEEE Symposium on Security & Privacy, 2009"},{"key":"5145_CR17","volume-title":"Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), CA","author":"N Yacin","year":"2009","unstructured":"Yacin N, Prateek S, Dawn S. Document structure integrity: A robust basis for cross-site scripting defense. In: Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), CA, 2009"},{"key":"5145_CR18","volume-title":"Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA","author":"V G Matthew","year":"2009","unstructured":"Matthew V G, Chen H. Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks. In: Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA, 2009"},{"key":"5145_CR19","first-page":"23","volume-title":"Proceedings of the 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Paris","author":"B Prithvi","year":"2008","unstructured":"Prithvi B, Venkatakrishnan V N. XSS-GUARD: Precise dynamic prevention of cross-site scripting attacks. In: Proceedings of the 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Paris, 2008. 23\u201343"},{"key":"5145_CR20","first-page":"709","volume-title":"Proceedings of 7th International Conference on Computer and Information Technology, Fukushima","author":"J C Lin","year":"2007","unstructured":"Lin J C, Chen J M. The automatic defense mechanism for malicious injection attack. In: Proceedings of 7th International Conference on Computer and Information Technology, Fukushima, 2007. 709\u2013714"},{"key":"5145_CR21","first-page":"335","volume-title":"Proceedings of the 2008 Annual Computer Security Applications Conference, Anaheim","author":"J Martin","year":"2008","unstructured":"Martin J, Bjorn E, Joachim P. XSSDS: Server-side detection of cross-site scripting attacks. In: Proceedings of the 2008 Annual Computer Security Applications Conference, Anaheim, 2008. 335\u2013344"},{"key":"5145_CR22","volume-title":"Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS)","author":"W Joel","year":"2011","unstructured":"Joel W, Prateek S, Devdatta A, et al. A systematic analysis of XSS sanitization in web application frameworks. In: Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS), 2011"},{"key":"5145_CR23","volume-title":"Quo Vadis? A study of the evolution of input validation vulnerabilities in web applications","author":"S Theodoor","year":"2011","unstructured":"Theodoor S, Davide B, Engin K. Quo Vadis? A study of the evolution of input validation vulnerabilities in web applications, 2011, http:\/\/www.iseclab.org\/papers\/vuln_fcds.pdf"},{"key":"5145_CR24","volume-title":"Proceedings of the 2010 IEEE Symposium on Security and Privacy","author":"P Saxena","year":"2010","unstructured":"Saxena P, Akhawe D, Hanna S, et al. A symbolic execution framework for javascript. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, 2010"},{"key":"5145_CR25","volume-title":"Proceedings of 17th Annual Network & Distributed System Security Symposium","author":"P Saxena","year":"2010","unstructured":"Saxena P, Hanna S, Poosankam P, et al. FLAX: Systematic discovery of client-side validation vulnerabilities in rich web applications. In: Proceedings of 17th Annual Network & Distributed System Security Symposium, 2010"},{"key":"5145_CR26","volume-title":"Proceedings of the International Conference on Computational Science and Engineering","author":"R F Mohammad","year":"2009","unstructured":"Mohammad R F, Hossein S. Social Networks\u2019 XSS worms. In: Proceedings of the International Conference on Computational Science and Engineering, 2009"},{"key":"5145_CR27","first-page":"539","volume-title":"Proceedings of the 14th European Conference on Research in Computer Security, Saint-Malo","author":"F Q Sun","year":"2009","unstructured":"Sun F Q, Xu L, Su Z D. Client-side detection of XSS worms by monitoring payload propagation. In: Proceedings of the 14th European Conference on Research in Computer Security, Saint-Malo, 2009. 539\u2013554"},{"key":"5145_CR28","volume-title":"Proceedings of the IEEE Web 2.0 Security and Privacy Workshop (W2SP)","author":"F Adrienne","year":"2008","unstructured":"Adrienne F, David E. Privacy protection for social network APIs. In: Proceedings of the IEEE Web 2.0 Security and Privacy Workshop (W2SP), 2008"},{"key":"5145_CR29","volume-title":"Proceedings of the 18th USENIX Security Symposium","author":"S Kapil","year":"2009","unstructured":"Kapil S, Sumeer B, Wenke L. xBook: Redesigning privacy control in social network platforms. In: Proceedings of the 18th USENIX Security Symposium, 2009"},{"key":"5145_CR30","volume-title":"Proceedings of the 32nd IEEE Symposium on Security & Privacy","author":"R Wang","year":"2011","unstructured":"Wang R, Chen S, Wang X F, et al. How to shop for free online: Security analysis of cashier-as-a-service based web stores. In: Proceedings of the 32nd IEEE Symposium on Security & Privacy, 2011"},{"key":"5145_CR31","volume-title":"Proceedings of 20th Annual Network & Distributed System Security Symposium","author":"L Y Xing","year":"2013","unstructured":"Xing L Y, Chen Y Y, Wang X F, et al. InteGuard: Toward automatic protection of third-party web service integrations. In: Proceedings of 20th Annual Network & Distributed System Security Symposium, 2013"}],"container-title":["Science China Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-014-5145-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11432-014-5145-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-014-5145-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T15:37:57Z","timestamp":1559403477000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11432-014-5145-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,9,29]]},"references-count":31,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,1]]}},"alternative-id":["5145"],"URL":"https:\/\/doi.org\/10.1007\/s11432-014-5145-1","relation":{},"ISSN":["1674-733X","1869-1919"],"issn-type":[{"value":"1674-733X","type":"print"},{"value":"1869-1919","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,9,29]]}}}