{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,17]],"date-time":"2026-01-17T20:59:16Z","timestamp":1768683556359,"version":"3.49.0"},"reference-count":29,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,5]]},"DOI":"10.1109\/icse.2013.6606610","type":"proceedings-article","created":{"date-parts":[[2013,10,1]],"date-time":"2013-10-01T14:38:03Z","timestamp":1380638283000},"page":"642-651","source":"Crossref","is-referenced-by-count":68,"title":["Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis"],"prefix":"10.1109","author":[{"given":"Lwin Khin","family":"Shar","sequence":"first","affiliation":[]},{"given":"Hee","family":"Beng Kuan Tan","sequence":"additional","affiliation":[]},{"given":"Lionel C.","family":"Briand","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"19","author":"palmer","year":"2007","journal-title":"Web Application Vulnerabilities Detect"},{"key":"17","article-title":"Intrusion detection with unlabeled data using clustering","author":"portnoy","year":"2001","journal-title":"Proc ACM CSS Workshop on Data Mining Applied to Security"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10646-0_55"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-010-0069-5"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351733"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2009.06.055"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.35"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1016\/S0164-1212(99)00102-8"},{"key":"21","first-page":"199","article-title":"Automatic creation of SQL injection and cross-site scripting attacks","author":"kieun","year":"2009","journal-title":"International Conference on Software Engineering"},{"key":"20","first-page":"1","article-title":"Statistical comparisons of classifiers over multiple data sets","volume":"7","author":"dems?ar","year":"2006","journal-title":"Journal of Machine Learning Research"},{"key":"22","first-page":"31","article-title":"Automatic generation of XSS and SQL injection attacks with goal-directed model checking","author":"martin","year":"2008","journal-title":"USENIX Security Symposium"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"24","first-page":"545","article-title":"Security of open source web applications","author":"walden","year":"2009","journal-title":"International Symposium on Empirical Software Engineering and Measurement"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2006.50"},{"key":"26","first-page":"529","article-title":"Predicting vulnerable software components","author":"neuhaus","year":"2007","journal-title":"ACM Conference on Computer and Communications Security"},{"key":"27","first-page":"535","article-title":"A string constraint solver for detecting web application vulnerability","author":"fu","year":"2010","journal-title":"International conference on Software Engineering and Knowledge Engineering"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2011.12.006"},{"key":"3","first-page":"258","article-title":"Pixy: A static analysis tool for detecting web application vulnerabilities","author":"jovanovic","year":"2006","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227096"},{"key":"10","year":"2012"},{"key":"1","year":"2012","journal-title":"The Open Web Application Security Project"},{"key":"7","year":"0"},{"key":"6","year":"2012"},{"key":"5","year":"2012"},{"key":"4","first-page":"179","article-title":"Static detection of security vulnerabilities in scripting languages","author":"xie","year":"2006","journal-title":"USENIX Security Symposium"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2008.80"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1145\/24039.24041"}],"event":{"name":"2013 35th International Conference on Software Engineering (ICSE)","location":"San Francisco, CA, USA","start":{"date-parts":[[2013,5,18]]},"end":{"date-parts":[[2013,5,26]]}},"container-title":["2013 35th International Conference on Software Engineering (ICSE)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6596173\/6606539\/06606610.pdf?arnumber=6606610","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,22]],"date-time":"2017-03-22T22:19:04Z","timestamp":1490221144000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6606610\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,5]]},"references-count":29,"URL":"https:\/\/doi.org\/10.1109\/icse.2013.6606610","relation":{},"subject":[],"published":{"date-parts":[[2013,5]]}}}