{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T12:30:01Z","timestamp":1766493001008,"version":"3.37.3"},"reference-count":64,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2018,9,1]],"date-time":"2018-09-01T00:00:00Z","timestamp":1535760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Rel."],"published-print":{"date-parts":[[2018,9]]},"DOI":"10.1109\/tr.2018.2839339","type":"journal-article","created":{"date-parts":[[2018,6,28]],"date-time":"2018-06-28T18:42:48Z","timestamp":1530211368000},"page":"1159-1175","source":"Crossref","is-referenced-by-count":48,"title":["Benchmarking Static Analysis Tools for Web Security"],"prefix":"10.1109","volume":"67","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2719-9318","authenticated-orcid":false,"given":"Paulo","family":"Nunes","sequence":"first","affiliation":[]},{"given":"Iberia","family":"Medeiros","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4710-9292","authenticated-orcid":false,"given":"Jose C.","family":"Fonseca","sequence":"additional","affiliation":[]},{"given":"Nuno","family":"Neves","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7873-5531","authenticated-orcid":false,"given":"Miguel","family":"Correia","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5103-8541","authenticated-orcid":false,"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/IWSM-MENSURA.2011.15"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2010.5609747"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/6294.806902"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2016.05.018"},{"year":"0","key":"ref31","article-title":"Software quality enhancement"},{"year":"0","key":"ref30","article-title":"Sonarqube.org"},{"year":"0","key":"ref37","article-title":"pdepend.org"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1976.233837"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.eij.2011.09.003"},{"key":"ref34","first-page":"19","article-title":"Software quality attributes for secured web applications","volume":"3","author":"sankar","year":"2014","journal-title":"International Journal of Engineering Inventions"},{"key":"ref60","first-page":"689","article-title":"Framework for static analysis of PHP applications","author":"hauzar","year":"0","journal-title":"Proc Europ Conf Object-Oriented Programming"},{"article-title":"CAS Static Analysis Tool Study&#x2014;Methodology","year":"2011","author":"meade","key":"ref62"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660363"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/1414004.1414013"},{"year":"0","key":"ref28","article-title":"PhpMetrics.org"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"ref27","article-title":"Manual vs. automated vulnerability assessment: A case study","author":"kupsch","year":"0","journal-title":"Proc 1st Int Workshop Manag Insider Secur Threats"},{"year":"0","key":"ref29","article-title":"PHPMD - PHP mess detector"},{"year":"2015","key":"ref2","article-title":"Annual Consumer Studies"},{"year":"0","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2014.20"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2010.21"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.500-268v1.1"},{"key":"ref25","first-page":"121","article-title":"On combining diverse static analysis tools for web security: An empirical study","author":"nunes","year":"0","journal-title":"Proc 13th Eur Dependable Comput Conf"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/32.295895"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1147\/sj.132.0115"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568024"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23262"},{"year":"0","key":"ref57"},{"year":"0","key":"ref56","article-title":"WPScan Vulnerability Database"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.16"},{"year":"0","key":"ref54"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2016.29"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/32.979986"},{"year":"0","key":"ref10"},{"year":"0","key":"ref11","article-title":"WP Template.com"},{"key":"ref40","article-title":"Special\n publication 500-235, structured testing: A software testing methodology using the cyclomatic complexity metric","author":"watson","year":"1996","journal-title":"U S Dept Commer \/Nat Inst Stand Technol"},{"year":"2016","key":"ref12","article-title":"Website hacked trend report 2016-Q1"},{"year":"0","key":"ref13"},{"key":"ref14","article-title":"TPC-D: Benchmarking for Decision Support","author":"ballinger","year":"1993","journal-title":"The Benchmark Handbook for Database and Transaction Systems"},{"key":"ref15","article-title":"Automated security review of PHP web applications with static code analysis","volume":"5","author":"de poel","year":"2010"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29032-9_14"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2010.53"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"ref19","first-page":"18","article-title":"Finding security vulnerabilities in java applications with static analysis","volume":"14","author":"livshits","year":"0","journal-title":"Proc 14th Conf USENIX Security Symp"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/1314257.1314260"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"year":"0","key":"ref6"},{"key":"ref5","first-page":"111","article-title":"Why Johnny\n can&#x2019;t pentest: An analysis of black-box web vulnerability scanners","author":"doupe","year":"0","journal-title":"Proceedings of the 4th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/COUFLESS.2015.10"},{"year":"0","key":"ref7"},{"key":"ref49","first-page":"325","article-title":"Quality model based on\n ISO\/IEC 9126 for internal quality of MATLAB\/Simulink\/Stateflow models","author":"hu","year":"0","journal-title":"Proc IEEE Int Conf Ind Technol"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.30"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/2668930.2688819"},{"year":"0","author":"black","key":"ref45"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/QUATIC.2007.8"},{"key":"ref47","article-title":"Evaluation evaluation a Monte Carlo study","author":"powers","year":"0","journal-title":"CoRR"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-011-9144-9"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2014.112"},{"year":"2017","key":"ref44","article-title":"Software improvement group (SIG)"},{"key":"ref43","first-page":"35","article-title":"Certification of technical quality of software products","author":"correia","year":"0","journal-title":"Proc of the Int'l Workshop on Foundations and Techniques for Open Source Software Certification"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/8452065\/08399530.pdf?arnumber=8399530","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T12:36:16Z","timestamp":1643200576000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8399530\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9]]},"references-count":64,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tr.2018.2839339","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"type":"print","value":"0018-9529"},{"type":"electronic","value":"1558-1721"}],"subject":[],"published":{"date-parts":[[2018,9]]}}}