{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T12:52:25Z","timestamp":1774356745324,"version":"3.50.1"},"reference-count":66,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/spw54247.2022.9833858","type":"proceedings-article","created":{"date-parts":[[2022,7,25]],"date-time":"2022-07-25T20:14:47Z","timestamp":1658780087000},"page":"31-43","source":"Crossref","is-referenced-by-count":9,"title":["Measuring Developers\u2019 Web Security Awareness from Attack and Defense Perspectives"],"prefix":"10.1109","author":[{"given":"Merve","family":"Sahin","sequence":"first","affiliation":[{"name":"SAP Security Research,France"}]},{"given":"Tolga","family":"Unlu","sequence":"additional","affiliation":[{"name":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom"}]},{"given":"Cedric","family":"Hebert","sequence":"additional","affiliation":[{"name":"SAP Security Research,France"}]},{"given":"Lynsay A.","family":"Shepherd","sequence":"additional","affiliation":[{"name":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom"}]},{"given":"Natalie","family":"Coull","sequence":"additional","affiliation":[{"name":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom"}]},{"given":"Colin Mc","family":"Lean","sequence":"additional","affiliation":[{"name":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom"}]}],"member":"263","reference":[{"key":"ref39","article-title":"CWE - CWE-20: Improper Input Validation (4.6)","year":"2021"},{"key":"ref38","article-title":"CWE - 2021 CWE Top 25 Most Dangerous Software Weaknesses","year":"2021"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2017.23015"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3140549.3140555"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.3390\/fi11020044"},{"key":"ref30","article-title":"The Rise of IDOR | HackerOne","year":"2021"},{"key":"ref37","article-title":"CWE - 2020 CWE Top 25 Most Dangerous Software Weaknesses","year":"2020"},{"key":"ref36","article-title":"CWE - 2019 CWE Top 25 Most Dangerous Software Weaknesses","year":"2019"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471846"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3412841.3442036"},{"key":"ref60","article-title":"Stack Overflow Developer Survey 2021","year":"2021"},{"key":"ref62","first-page":"2579","article-title":"Viualizing data using t-sne","volume":"9","author":"van der maaten","year":"2008","journal-title":"Journal of Machine Learning Research"},{"key":"ref61","first-page":"1","article-title":"A Taxonomy of Approaches for Integrating Attack Awareness in Applications","author":"\u00fcnl\u00fc","year":"2020","journal-title":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)"},{"key":"ref63","article-title":"Creating Attack-Aware Software Applications with Real-Time Defenses","volume":"24","author":"watson","year":"2011","journal-title":"Crosstalk The Journal of Defense Software Engineering"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"ref64","article-title":"OWASP AppSensor Guide - Application-Specific Real Time Attack Detection & Response - Version 2.0","author":"watson","year":"2015"},{"key":"ref27","article-title":"I just looked for the solution!","author":"gorski","year":"2021","journal-title":"- On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices \" IEEE Transactions on Software Engineering"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2019.877"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-58460-7_11"},{"key":"ref29","article-title":"Organizations Paid Hackers $23.5 Million for These 10 Vulnerabilities in One Year | HackerOne","year":"2020"},{"key":"ref2","article-title":"Security, Authentication, and Authorization in ASP.NET MVC | Microsoft Docs","year":"2020"},{"key":"ref1","article-title":"Security | Microsoft Docs","year":"2020"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev51306.2021.00023"},{"key":"ref22","article-title":"NVD - CVE-2017-5638","author":"database","year":"2017"},{"key":"ref21","article-title":"Retrospective: Recent Coinbase Bug Bounty Award | by Coinbase | Feb, 2022 | The Coinbase Blog","year":"2022"},{"key":"ref24","first-page":"1","author":"gorski","year":"2020","journal-title":"Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs"},{"key":"ref23","article-title":"Exploring the Relationship Between Web Application Development Tools and Security","author":"finifter","year":"2011","journal-title":"2nd USENIX Conference on Web Application Development (WebApps 11)"},{"key":"ref26","first-page":"170","article-title":"Warn if Secure or How to Deal with Security by Default in Software Development?","author":"gorski","year":"2018","journal-title":"HAIS"},{"key":"ref25","first-page":"265","article-title":"Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse","author":"gorski","year":"2018","journal-title":"Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)"},{"key":"ref50","article-title":"OWASP Top 10:2021","year":"2021"},{"key":"ref51","article-title":"Explaining and Implementing kMeans Algorithm in Python","author":"vatsal","year":"2021"},{"key":"ref59","article-title":"KMeans clustering","year":"2022"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232004"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2020.23005"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484780"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407081"},{"key":"ref54","article-title":"Web Security Academy - All labs","year":"2022"},{"key":"ref53","article-title":"Cross-site scripting (XSS) cheat sheet","year":"2022"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3184558.3188736"},{"key":"ref10","article-title":"Express basic routing","year":"0"},{"key":"ref11","article-title":"Installation - Laravel - The PHP Framework For Web Artisans","year":"0"},{"key":"ref40","article-title":"CWE - CWE-79: Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’)","year":"2021"},{"key":"ref12","article-title":"Protection Against Exploits :: Spring Security","year":"0"},{"key":"ref13","article-title":"Security Best Practices for Express in Production","year":"0"},{"key":"ref14","article-title":"Security Considerations - Flask Documentation (2.0.x)","year":"0"},{"key":"ref15","article-title":"Security (Symfony Docs)","year":"0"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.013"},{"key":"ref18","article-title":"Experiences with Honey-Patching in Active Cyber Security Education","author":"araujo","year":"2015","journal-title":"8th Workshop on Cyber Security Experimentation and Test (CSET 15)"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00054"},{"key":"ref4","article-title":"Security, Authentication, and Authorization in ASP.NET Web Forms | Microsoft Docs","year":"2020"},{"key":"ref3","article-title":"Security, Authentication, and Authorization in ASP.NET Web API | Microsoft Docs","year":"2020"},{"key":"ref6","article-title":"Security in Django | Django documentation | Django","year":"2022"},{"key":"ref5","article-title":"ASP.NET Core Blazor authentication and authorization | Microsoft Docs","year":"2022"},{"key":"ref8","article-title":"Angular - Security","year":"0"},{"key":"ref7","article-title":"Web on Servlet Stack","year":"2022"},{"key":"ref49","article-title":"Cross-Site Scripting Prevention - OWASP Cheat Sheet Series","year":"2021"},{"key":"ref9","article-title":"AngularJS: Developer Guide: Security","year":"0"},{"key":"ref46","article-title":"A07:2021 – Identification and Authentication Failures","year":"2021"},{"key":"ref45","article-title":"A05:2021 – Security Misconfiguration","year":"2021"},{"key":"ref48","article-title":"A10:2021 – Server-Side Request Forgery (SSRF)","year":"2021"},{"key":"ref47","article-title":"A08:2021 – Software and Data Integrity Failures","year":"2021"},{"key":"ref42","article-title":"OWASP Proactive Controls | OWASP Foundation","year":"2018"},{"key":"ref41","article-title":"OWASP Top Ten 2017 | Table of Contents | OWASP Foundation","year":"2017"},{"key":"ref44","article-title":"A03:2021 – Injection","year":"2021"},{"key":"ref43","article-title":"A01:2021 – Broken Access Control","year":"2021"}],"event":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","location":"San Francisco, CA, USA","start":{"date-parts":[[2022,5,22]]},"end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Security and Privacy Workshops (SPW)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833855\/9833856\/09833858.pdf?arnumber=9833858","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,15]],"date-time":"2022-08-15T20:02:41Z","timestamp":1660593761000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833858\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":66,"URL":"https:\/\/doi.org\/10.1109\/spw54247.2022.9833858","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}