{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:13:36Z","timestamp":1759133616685},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,12,29]],"date-time":"2016-12-29T00:00:00Z","timestamp":1482969600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Autom. Comput."],"published-print":{"date-parts":[[2017,2]]},"DOI":"10.1007\/s11633-016-1051-x","type":"journal-article","created":{"date-parts":[[2016,12,29]],"date-time":"2016-12-29T10:03:33Z","timestamp":1483005813000},"page":"106-118","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Lom: Discovering logic flaws within MongoDB-based web applications"],"prefix":"10.1007","volume":"14","author":[{"given":"Shuo","family":"Wen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuan","family":"Xue","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jing","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Li-Ying","family":"Yuan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wen-Li","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hong-Ji","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guan-Nan","family":"Si","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,12,29]]},"reference":[{"key":"1051_CR1","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/978-3-540-74320-0_4","volume-title":"Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection, Springer, Queensland, Australia","author":"M. Cova","year":"2007","unstructured":"M. Cova, D. Balzarotti, V. Felmetsger, G. Vigna. Swaddler: An approach for the anomaly-based detection of state violations in web applications. In Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection, Springer, Queensland, Australia, pp. 63\u201386, 2007."},{"key":"1051_CR2","unstructured":"DB-Engines Ranking, July 2014, [Online], Available: http:\/\/dbengines.com\/en\/ranking."},{"key":"1051_CR3","doi-asserted-by":"crossref","first-page":"575","DOI":"10.1145\/2046707.2046774","volume-title":"Proceedings of the 18th ACM Conference on Computer and Communications Security","author":"P. Bisht","year":"2011","unstructured":"P. Bisht, T. Hinrichs, N. Skrupsky, V. N. Venkatakrishnan. WAPTEC: Whitebox analysis of web applications for parameter tampering exploit construction. In Proceedings of the 18th ACM Conference on Computer and Communications Security, ACM, Chicago, USA, pp. 575\u2013586, 2011."},{"key":"1051_CR4","first-page":"1069","volume-title":"Proceedings of ACM International Conference on Object Oriented Programming Systems Languages and Applications, ACM, Portland, USA","author":"S. Son","year":"2011","unstructured":"S. Son, K. S. McKinley, V. Shmatikov. RoleCast: Finding missing security checks when you do not know what checks are. In Proceedings of ACM International Conference on Object Oriented Programming Systems Languages and Applications, ACM, Portland, USA, pp. 1069\u20131084, 2011."},{"key":"1051_CR5","first-page":"10","volume-title":"Proceedings of the 19th USENIX Conference on Security, USENIX Association, Berkeley, USA","author":"V. Felmetsger","year":"2010","unstructured":"V. Felmetsger, L. Cavedon, C. Kruegel, G. Vigna. Toward automated detection of logic vulnerabilities in web applications. In Proceedings of the 19th USENIX Conference on Security, USENIX Association, Berkeley, USA, pp. 10, 2010."},{"key":"1051_CR6","first-page":"25","volume-title":"Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy","author":"X. W. Li","year":"2012","unstructured":"X. W. Li, W. Yan, Y. Xue. SENTINEL: Securing database from logic flaws in web applications. In Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, ACM, San Antonio, USA, pp. 25\u201336, 2012."},{"key":"1051_CR7","first-page":"49","volume-title":"Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, ACM, San Antonio, USA","author":"X. W. Li","year":"2014","unstructured":"X. W. Li, X. J. Si, Y. Xue. Automated black-box detection of access control vulnerabilities in web applications. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, ACM, San Antonio, USA, pp. 49\u201360, 2014."},{"key":"1051_CR8","first-page":"251","volume-title":"Proceedings of the 18th ACM Conference on Computer and Communications Security, ACM, Chicago, USA","author":"A. Doup\u00e9","year":"2011","unstructured":"A. Doup\u00e9, B. Boe, C. Kruegel, G. Vigna. Fear the EAR: Discovering and mitigating execution after redirect vulnerabilities. In Proceedings of the 18th ACM Conference on Computer and Communications Security, ACM, Chicago, USA, pp. 251\u2013262, 2011."},{"key":"1051_CR9","first-page":"607","volume-title":"Proceedings of the 17th ACM Conference on Computer and Communications Security, ACM, Chicago, USA","author":"P. Bisht","year":"2010","unstructured":"P. Bisht, T. Hinrichs, N. Skrupsky, R. Bobrowicz, V. N. Venkatakrishnan. NoTamper: Automatic blackbox detection of parameter tampering opportunities in web applications. In Proceedings of the 17th ACM Conference on Computer and Communications Security, ACM, Chicago, USA, pp. 607\u2013618, 2010."},{"key":"1051_CR10","first-page":"26","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium, USENIX Association, Berkeley, USA","author":"A. Doup\u00e9","year":"2012","unstructured":"A. Doup\u00e9, L. Cavedon, C. Kruegel, G. Vigna. Enemy of the state: A state-aware black-box web vulnerability scanner. In Proceedings of the 21st USENIX Conference on Security Symposium, USENIX Association, Berkeley, USA, pp. 26, 2012."},{"issue":"5","key":"1051_CR11","doi-asserted-by":"crossref","first-page":"1045","DOI":"10.1002\/j.1538-7305.1955.tb03788.x","volume":"34","author":"G. H. Mealy","year":"1955","unstructured":"G. H. Mealy. A method for synthesizing sequential circuits. Bell System Technical Journal, vol. 34, no. 5, pp. 1045\u20131079, 1955.","journal-title":"Bell System Technical Journal"},{"key":"1051_CR12","first-page":"541","volume-title":"Proceedings of the 10th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, Changsha, China","author":"L. Okman","year":"2011","unstructured":"L. Okman, N. Gal-Oz, Y. Gonen, E. Gudes, J. Abramov. Security issues in NoSQL databases. In Proceedings of the 10th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, Changsha, China, pp. 541\u2013547, 2011."},{"key":"1051_CR13","volume-title":"Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing","author":"L. Aniello","year":"2013","unstructured":"L. Aniello, S. Bonomi, M. Breno, R. Baldoni. Assessing data availability of Cassandra in the presence of non-accurate membership. In Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing, ACM, Braga, Portugal, Article number 2, 2013."},{"key":"1051_CR14","first-page":"263","volume-title":"Proceedings of the 18th ACM Conference on Computer and Communications Security, ACM, Chicago, USA","author":"P. Chapman","year":"2011","unstructured":"P. Chapman, D. Evans. Automated black-box detection of side-channel vulnerabilities in web applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security, ACM, Chicago, USA, pp. 263\u2013274, 2011."},{"key":"1051_CR15","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1145\/775152.775174","volume-title":"Proceedings of the 12th International Conference on World Wide Web, ACM, Budapest, Hungary","author":"Y. W. Huang","year":"2003","unstructured":"Y. W. Huang, S. K. Huang, T. P. Lin, C. H. Tsai. Web application security assessment by fault injection and behavior monitoring. In Proceedings of the 12th International Conference on World Wide Web, ACM, Budapest, Hungary, pp. 148\u2013159, 2003."},{"key":"1051_CR16","first-page":"31","volume-title":"Proceedings of the 17th Conference on USENIX Security Symposium, USENIX Association, Berkeley, USA","author":"M. Martin","year":"2008","unstructured":"M. Martin, M. S. Lam. Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In Proceedings of the 17th Conference on USENIX Security Symposium, USENIX Association, Berkeley, USA, pp. 31\u201343, 2008."},{"key":"1051_CR17","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1145\/1135777.1135817","volume-title":"Proceedings of the 15th International Conference on World Wide Web, ACM, Edinburgh, UK","author":"S. Kals","year":"2006","unstructured":"S. Kals, E. Kirda, C. Kruegel, N. Jovanovic. Secubat: Aweb vulnerability scanner. In Proceedings of the 15th International Conference on World Wide Web, ACM, Edinburgh, UK, pp. 247\u2013256, 2006."},{"key":"1051_CR18","first-page":"267","volume-title":"Proceedings of the 18th Conference on USENIX Security Symposium, USENIX Association, Berkeley, USA","author":"M. Dalton","year":"2009","unstructured":"M. Dalton, C. Kozyrakis, N. Zeldovich. Nemesis: Preventing authentication & access control vulnerabilities in web applications. In Proceedings of the 18th Conference on USENIX Security Symposium, USENIX Association, Berkeley, USA, pp. 267\u2013282, 2009."},{"key":"1051_CR19","first-page":"154","volume-title":"Proceedings of the 30th IEEE Symposium on Security and Privacy, IEEE, Oakland","author":"B. Parno","year":"2009","unstructured":"B. Parno, J. M. McCune, D. Wendlandt, D. G. Andersen, A. Perrig. CLAMP: Practical prevention of large-scale data leaks. In Proceedings of the 30th IEEE Symposium on Security and Privacy, IEEE, Oakland, USA, pp. 154\u2013169, 2009."},{"key":"1051_CR20","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1145\/2076732.2076767","volume-title":"Proceedings of the 27th Annual Computer Security Applications Conference","author":"X. W. Li","year":"2011","unstructured":"X. W. Li, Y. Xue. BLOCK: A black-box approach for detection of state violation attacks towards web applications. In Proceedings of the 27th Annual Computer Security Applications Conference, ACM, Orlando, USA, pp. 247\u2013256, 2011."},{"key":"1051_CR21","first-page":"11","volume-title":"Proceedings of the 20th USENIX Conference on Security, USENIX Association","author":"F. Q. Sun","year":"2011","unstructured":"F. Q. Sun, L. Xu, Z. D. Su. Static detection of access control vulnerabilities in web applications. In Proceedings of the 20th USENIX Conference on Security, USENIX Association, Berkeley, USA, pp. 11, 2011."},{"key":"1051_CR22","first-page":"25","volume-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, Alexandria, USA","author":"D. Balzarotti","year":"2007","unstructured":"D. Balzarotti, M. Cova, V. V. Felmetsger, G. Vigna. Multimodule vulnerability analysis of web-based applications. In Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, Alexandria, USA, pp. 25\u201335, 2007."},{"key":"1051_CR23","volume-title":"Proceedings of 20th Network and Distributed System Security Symposium","author":"S. Son","year":"2013","unstructured":"S. Son, K. S. McKinley, V. Shmatikov. Fix me up: Repairing access-control bugs in web applications. In Proceedings of 20th Network and Distributed System Security Symposium, Internet Society, San Diego, USA, 2013."},{"key":"1051_CR24","volume-title":"Proceedings of 20th Annual Network and Distributed System Security Symposium, Internet Society","author":"L. Y. Xing","year":"2013","unstructured":"L. Y. Xing, Y. Y. Chen, X. F. Wang, S. Chen. InteGuard: Toward automatic protection of third-party web service integrations. In Proceedings of 20th Annual Network and Distributed System Security Symposium, Internet Society, San Diego, USA, 2013."},{"key":"1051_CR25","volume-title":"Network and Distributed System Security Symposium, Internet Society","author":"G. Pellegrino","year":"2014","unstructured":"G. Pellegrino, D. Balzarotti. Toward black-box detection of logic flaws in web applications. In Network and Distributed System Security Symposium, Internet Society, San Diego, USA, 2014."},{"key":"1051_CR26","first-page":"481","volume-title":"Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ACM, Hangzhou, China","author":"X. W. Li","year":"2013","unstructured":"X. W. Li, Y. Xue. LogicScope: Automatic discovery of logic vulnerabilities within web applications. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ACM, Hangzhou, China, pp. 481\u2013486, 2013."},{"key":"1051_CR27","volume-title":"Proceedings of the 40th Annual IEEE Computer Software and Applications Conference","author":"S. Wen","year":"2016","unstructured":"S. Wen, Y. Xue, J. Xu, H. J. Yang, X. H. Li, W. L. Song, G. N. Si. Toward exploiting access control vulnerabilities within mongodb backend web applications. In Proceedings of the 40th Annual IEEE Computer Software and Applications Conference, IEEE, Atlanta, USA, 2016."},{"key":"1051_CR28","first-page":"465","volume-title":"Proceedings of the 32nd IEEE Symposium on Security and Privacy, IEEE, Berkeley, USA","author":"R. Wang","year":"2011","unstructured":"R. Wang, S. Chen, X. F. Wang, S. Qadeer. How to shop for free online\u2013security analysis of cashier-as-a- service based web stores. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, IEEE, Berkeley, USA, pp. 465\u2013480, 2011."},{"key":"1051_CR29","first-page":"365","volume-title":"Proceedings of IEEE Symposium on Security and Privacy, IEEE, Washington DC, USA","author":"R. Wang","year":"2012","unstructured":"R. Wang, S. Chen, X. F. Wang. Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. In Proceedings of IEEE Symposium on Security and Privacy, IEEE, Washington DC, USA, pp. 365\u2013379, 2012."},{"key":"1051_CR30","doi-asserted-by":"crossref","first-page":"1421","DOI":"10.1145\/2488388.2488512","volume-title":"Proceedings of the 22nd International Conference on World Wide Web, ACM, Rio de Janiero, Brazil","author":"Q. Wu","year":"2013","unstructured":"Q. Wu, L. Wu, G. T. Liang, Q. X. Wang, T. Xie, H. Mei. Inferring dependency constraints on parameters for web services. In Proceedings of the 22nd International Conference on World Wide Web, ACM, Rio de Janiero, Brazil, pp. 1421\u20131432, 2013."},{"key":"1051_CR31","doi-asserted-by":"crossref","first-page":"561","DOI":"10.1145\/1526709.1526785","volume-title":"Proceedings of the 18th International Conference onWorld WideWeb, ACM,Madrid, Spain","author":"A. Guha","year":"2009","unstructured":"A. Guha, S. Krishnamurthi, T. Jim. Using static analysis for Ajax intrusion detection. In Proceedings of the 18th International Conference onWorld WideWeb, ACM,Madrid, Spain, pp. 561\u2013570, 2009."},{"key":"1051_CR32","doi-asserted-by":"crossref","first-page":"551","DOI":"10.1145\/1772690.1772747","volume-title":"Proceedings of the 19th International Conference on World Wide Web, ACM, Raleigh, USA","author":"A. Krishnamurthy","year":"2010","unstructured":"A. Krishnamurthy, A. Mettler, D. Wagner. Fine-grained privilege separation for web applications. In Proceedings of the 19th International Conference on World Wide Web, ACM, Raleigh, USA, pp. 551\u2013560, 2010."},{"key":"1051_CR33","first-page":"199","volume-title":"Proceedings of the 31st International Conference on Software Engineering, IEEE, Washington DC, USA","author":"A. Kieyzun","year":"2009","unstructured":"A. Kieyzun, P. J. Guo, K. Jayaraman, M. D. Ernst. Automatic creation of SQL injection and cross-site scripting attacks. In Proceedings of the 31st International Conference on Software Engineering, IEEE, Washington DC, USA, pp. 199\u2013209, 2009."},{"key":"1051_CR34","volume-title":"Proceedings of the 17th Annual Network and Distributed System Security Symposium","author":"P. Saxena","year":"2010","unstructured":"P. Saxena, S. Hanna, P. Poosankam, D. Song. Flax: Systematic discovery of client-side validation vulnerabilities in rich web applications. In Proceedings of the 17th Annual Network and Distributed System Security Symposium, NDSS, San Diego, USA, 2010."}],"container-title":["International Journal of Automation and Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11633-016-1051-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11633-016-1051-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11633-016-1051-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T05:24:22Z","timestamp":1658294662000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11633-016-1051-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12,29]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,2]]}},"alternative-id":["1051"],"URL":"https:\/\/doi.org\/10.1007\/s11633-016-1051-x","relation":{},"ISSN":["1476-8186","1751-8520"],"issn-type":[{"type":"print","value":"1476-8186"},{"type":"electronic","value":"1751-8520"}],"subject":[],"published":{"date-parts":[[2016,12,29]]}}}