{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T21:47:45Z","timestamp":1770068865171,"version":"3.49.0"},"reference-count":23,"publisher":"Springer Science and Business Media LLC","issue":"S2","license":[{"start":{"date-parts":[[2016,5,28]],"date-time":"2016-05-28T00:00:00Z","timestamp":1464393600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int J  Syst  Assur  Eng  Manag"],"published-print":{"date-parts":[[2017,11]]},"DOI":"10.1007\/s13198-016-0489-0","type":"journal-article","created":{"date-parts":[[2016,5,28]],"date-time":"2016-05-28T06:53:50Z","timestamp":1464418430000},"page":"631-644","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["SECSIX: security engine for CSRF, SQL injection and XSS attacks"],"prefix":"10.1007","volume":"8","author":[{"given":"Bharti","family":"Nagpal","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Naresh","family":"Chauhan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nanhay","family":"Singh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,5,28]]},"reference":[{"key":"489_CR1","doi-asserted-by":"crossref","unstructured":"Barth A, Jackson C, Mitchell J (2008) Robust defenses for cross-site request forgery. In: CCS\u201908 proceedings of 15th ACM conference on Computer and communications security. New York, pp 75\u201388","DOI":"10.1145\/1455770.1455782"},{"key":"489_CR2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s13198-014-0272-z","volume":"6","author":"S Gupta","year":"2015","unstructured":"Gupta S, Gupta BB (2015a) Cross-site scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. Int J Syst Assur Eng Manag 6:1\u201319","journal-title":"Int J Syst Assur Eng Manag"},{"issue":"3","key":"489_CR3","doi-asserted-by":"crossref","first-page":"897","DOI":"10.1007\/s13369-015-1891-7","volume":"41","author":"BB Gupta","year":"2015","unstructured":"Gupta BB, Gupta S (2015b) XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code. Arab J Sci Eng 41(3):897\u2013920","journal-title":"Arab J Sci Eng"},{"issue":"2","key":"489_CR4","first-page":"118","volume":"11","author":"BB Gupta","year":"2015","unstructured":"Gupta BB, Gupta S, Gangwar S, Kumar M, Meena PK (2015) Cross-site scripting (XSS) abuse and defense: exploitation on several testing bed environments and its defense. J Inf Priv Sec 11(2):118\u2013136","journal-title":"J Inf Priv Sec"},{"key":"489_CR5","doi-asserted-by":"crossref","unstructured":"Halfond W, Orso A (2005) AMNESIA: analysis and monitoring for neutralizing SQL\u2014injection attacks. In: Proceedings of 20th IEEE and ACM international conference on automated software engineering, pp 174\u2013183. ACM, New York","DOI":"10.1145\/1101908.1101935"},{"key":"489_CR6","doi-asserted-by":"crossref","unstructured":"Jovanovic N, Kirda E, Kruegel C (2006) Preventing cross-site request forgery attacks. In: Proceedings of IEEE international conference on Securecomm and workshops. Baltimore, MD, pp 1\u201310","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"489_CR7","doi-asserted-by":"crossref","unstructured":"Junjin M (2009) An approach for SQL injection vulnerability detection. In: Proceedings of 6th IEEE international conference on information technology: new generations. Las Vegas, pp 1411\u20131414","DOI":"10.1109\/ITNG.2009.34"},{"key":"489_CR8","first-page":"199","volume-title":"ARDILLA proceedings of the 31st international conference on software engineering","author":"A Kiezun","year":"2009","unstructured":"Kiezun A, Guo PJ, Jayaraman K, Ernst MD (2009) Automatic Creation of SQL injection and cross-site scripting attacks. ARDILLA proceedings of the 31st international conference on software engineering. ICSE, Vancouver, pp 199\u2013209"},{"key":"489_CR9","first-page":"3","volume-title":"InfoSecHiComNet\u201911 proceeding of the first international conference on security aspects of information technology","author":"S Kunal","year":"2011","unstructured":"Kunal S, Mohan Das R, Pais AR (2011) Model based hybrid approach to prevent SQL injection attacks in PHP. InfoSecHiComNet\u201911 proceeding of the first international conference on security aspects of information technology. Springer, Berlin, pp 3\u201315"},{"key":"489_CR10","doi-asserted-by":"crossref","first-page":"486","DOI":"10.1109\/CSE.2009.372","volume-title":"CSE\u201909 proceedings of IEEE international conference on computational science and engineering","author":"X Lin","year":"2009","unstructured":"Lin X, Zavarsky P, Ruhl R, Lindskog D (2009) Threat modeling for CSRF attacks. CSE\u201909 proceedings of IEEE international conference on computational science and engineering, vol 3. Vancover, BC, pp 486\u2013491"},{"key":"489_CR11","doi-asserted-by":"crossref","unstructured":"Louw MT, Venkatakrishnan VN (2009) BLUEPRINT: robust prevention of cross-site scripting attacks for existing browsers. In: Proceedings of 30th IEEE international symposium on security and privacy. Berkeley, CA, pp 331\u2013346","DOI":"10.1109\/SP.2009.33"},{"key":"489_CR12","doi-asserted-by":"crossref","unstructured":"Maes W, Heyman T, Desmet L, Joosen W (2009) Browser protection against cross-site request forgery. In: Secu Code\u201909 proceedings of the first ACM workshop on secure execution of untrusted code. New York, pp 3\u201310","DOI":"10.1145\/1655077.1655081"},{"issue":"2","key":"489_CR14","first-page":"1","volume":"13","author":"B Prithvi","year":"2010","unstructured":"Prithvi B, Madhusudan P, Venkatakrishnan VN (2010) CANDID: dynamic candidate evaluations for automatic prevention of SQL injection attacks. ACM Trans Inf Syst Secur 13(2):1\u201339","journal-title":"ACM Trans Inf Syst Secur"},{"key":"489_CR15","unstructured":"Qianjie Z, Chen H, San J (2007) An execution-flow based method for detecting cross-site scripting attacks. In: SEDM proceedings of international conference on software engineering and data mining. Shanghai, pp 160\u2013165"},{"key":"489_CR16","unstructured":"Raju H, Cortesi A (2010) Obfuscation-based analysis of SQL injection attacks. In: ISCC\u201910 proceedings of the IEEE symposium on computers and communications. Riccione, pp 931\u2013938"},{"key":"489_CR17","unstructured":"Rattipong P, Bunyatnoparat P (2011) Protecting cookies from cross site script attacks using dynamic cookies rewriting technique. In: ICACT proceedings of 13th IEEE international conference on advanced communication technology, pp 1090\u20131094"},{"key":"489_CR18","unstructured":"Salas MIP, Martins E (2014) Security testing methodology for vulnerabilities detection of XSS in Web services and WS-security. Electron Notes Theor Comput Sci 302:133\u2013154. ISSN:1571-0661"},{"key":"489_CR19","doi-asserted-by":"crossref","unstructured":"Saleh AZM, Rozali NA, Buja AG, Jalil KA, Ali FHM, Rahman TFA (2015) A method for Web application vulnerabilities detection by using Boyer\u2013Moore string matching algorithm. Proc Comput Sci 72:112\u2013121. ISSN:1877-0509","DOI":"10.1016\/j.procs.2015.12.111"},{"key":"489_CR20","doi-asserted-by":"crossref","unstructured":"Shahriar H, Zulkernine M (2010) Client-side detection of cross-site request forgery attacks. In: ISSRE proceedings of 21st IEEE international symposium on software reliability engineering. San Jose, CA, pp 358\u2013367","DOI":"10.1109\/ISSRE.2010.12"},{"issue":"3","key":"489_CR21","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1109\/MC.2011.261","volume":"45","author":"LK Shar","year":"2012","unstructured":"Shar LK, Tan HBK (2012) Defending against cross-site scripting attacks. IEEE Comput Soc 45(3):55\u201362","journal-title":"IEEE Comput Soc"},{"issue":"4","key":"489_CR22","doi-asserted-by":"crossref","first-page":"343","DOI":"10.1007\/s13198-012-0125-6","volume":"3","author":"P Sharma","year":"2012","unstructured":"Sharma P, Johari R, Sarma SS (2012) Integrated approach to prevent SQL injection attack and reflected cross site scripting attack. Int J Syst Assur Eng Manag 3(4):343\u2013351","journal-title":"Int J Syst Assur Eng Manag"},{"key":"489_CR23","unstructured":"The Open Web Application Security Project (OWASP) (2012) TOP 10 2010\u2014main. \n                        https:\/\/www.owasp.org\/index.php\/Top_10_2010\n                        \n                     Main. Accessed 13 Jan 2012"},{"key":"489_CR24","unstructured":"Zhang K-X, Lin C-H, Chen S-J, Hwang YL, Huang H-L, Hsu F-H (2011) TransSQL: a translation and validation\u2014based solution for SQL\u2014injection attacks. In: RVSP proceedings of 1st IEEE international conference on robot, vision and signal processing. Kaohsiung, pp 248\u2013251"}],"container-title":["International Journal of System Assurance Engineering and Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s13198-016-0489-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13198-016-0489-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13198-016-0489-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13198-016-0489-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,2]],"date-time":"2019-06-02T14:48:52Z","timestamp":1559486932000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s13198-016-0489-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,28]]},"references-count":23,"journal-issue":{"issue":"S2","published-print":{"date-parts":[[2017,11]]}},"alternative-id":["489"],"URL":"https:\/\/doi.org\/10.1007\/s13198-016-0489-0","relation":{},"ISSN":["0975-6809","0976-4348"],"issn-type":[{"value":"0975-6809","type":"print"},{"value":"0976-4348","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,5,28]]}}}