{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T10:23:56Z","timestamp":1776680636907,"version":"3.51.2"},"reference-count":188,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/tse.2023.3256322","type":"journal-article","created":{"date-parts":[[2023,3,31]],"date-time":"2023-03-31T17:36:07Z","timestamp":1680284167000},"page":"1-43","source":"Crossref","is-referenced-by-count":22,"title":["Metamorphic Testing for Web System Security"],"prefix":"10.1109","author":[{"given":"Nazanin Bayati","family":"Chaleshtari","sequence":"first","affiliation":[{"name":"School of Electrical Engineering and Computer Science, Ottawa, ON, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3541-3641","authenticated-orcid":false,"given":"Fabrizio","family":"Pastore","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arda","family":"Goknil","sequence":"additional","affiliation":[{"name":"Sustainable Communication Technologies, SINTEF Digital, Trondheim, Oslo, Norway"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1393-1010","authenticated-orcid":false,"given":"Lionel C.","family":"Briand","sequence":"additional","affiliation":[{"name":"SnT Centre, University of Luxembourg, Esch-sur-Alzette, Luxembourg"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref57","year":"2021"},{"key":"ref56","first-page":"707","article-title":"Binary codes capable of correcting deletions, insertions and reversals","volume":"10","author":"levenshtein","year":"1966","journal-title":"Sov Phys Doklady"},{"key":"ref59","year":"2021"},{"key":"ref58","year":"2019"},{"key":"ref53","author":"chaleshtari","year":"2022"},{"key":"ref52","year":"2020"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/ICWE.2008.24"},{"key":"ref168","doi-asserted-by":"publisher","DOI":"10.1109\/MET.2017..3"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2109205.2109208"},{"key":"ref169","article-title":"Metamorphic relation template v1. 0","author":"segura","year":"2017"},{"key":"ref170","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-014-3040-y"},{"key":"ref177","first-page":"412","article-title":"UMLsec: Extending UML for secure systems development","author":"j\u00fcrjens","year":"2002","journal-title":"Proc 5th Int Conf Unified Model Lang"},{"key":"ref178","first-page":"322","article-title":"Sound methods and effective tools for model-based security engineering with UML","author":"j\u00fcrjens","year":"2005","journal-title":"Proc 27th Int l Conf Software Eng"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2480361.2371419"},{"key":"ref175","first-page":"129","article-title":"Crawling the hidden web","author":"raghavan","year":"2000","journal-title":"Proc Int Conf Very Large Data Bases"},{"key":"ref50","year":"2021"},{"key":"ref176","first-page":"109","article-title":"A classification for model-based security testing","author":"felderer","year":"2011","journal-title":"Proc Adv Syst Testing Validation Lifecycle"},{"key":"ref173","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3473920"},{"key":"ref174","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111060"},{"key":"ref171","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111062"},{"key":"ref172","doi-asserted-by":"publisher","DOI":"10.1109\/ICST53961.2022.00015"},{"key":"ref46","author":"mai","year":"2022"},{"key":"ref45","author":"chaleshtari","year":"2022"},{"key":"ref48","article-title":"Replicability package","author":"chaleshtari","year":"2023"},{"key":"ref47","author":"chaleshtari","year":"2022"},{"key":"ref42","year":"2021"},{"key":"ref41","year":"2021"},{"key":"ref44","article-title":"CVE-2020–2162: Stored XSS vulnerability in file parameters","author":"mai","year":"2020"},{"key":"ref179","author":"j\u00fcrjens","year":"2005","journal-title":"Secure Systems Development with UML"},{"key":"ref43","year":"2021"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3143561"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-12-800160-8.00001-2"},{"key":"ref180","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_11"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985847"},{"key":"ref181","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594334"},{"key":"ref9","author":"meucci","year":"2014"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2018.00017"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.04.007"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2372785"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-Companion.2019.00037"},{"key":"ref100","article-title":"Apache web server","year":"2022"},{"key":"ref188","doi-asserted-by":"publisher","DOI":"10.1109\/MET.2019.00012"},{"key":"ref101","year":"2022"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3377812.3382152"},{"key":"ref186","article-title":"Properties of machine learning applications for use in metamorphic testing","author":"murphy","year":"2008"},{"key":"ref187","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2876433"},{"key":"ref184","doi-asserted-by":"publisher","DOI":"10.1109\/TSA.2015.13"},{"key":"ref185","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2009.19"},{"key":"ref182","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1566"},{"key":"ref183","doi-asserted-by":"publisher","DOI":"10.1109\/BioMedCom.2012.18"},{"key":"ref35","year":"2022"},{"key":"ref34","year":"2021"},{"key":"ref37","year":"2020"},{"key":"ref36","year":"2022"},{"key":"ref31","year":"2020"},{"key":"ref148","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295173"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2016.176"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD.2015.7176238"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2109205.2109208"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.24"},{"key":"ref32","year":"2021"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2014.2354172"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICST46399.2020.00028"},{"key":"ref38","year":"2017"},{"key":"ref155","first-page":"91","article-title":"Metamorphic testing using geometric interrogation technique and its application","volume":"1","author":"sim","year":"2005","journal-title":"ECTI Trans Comput and Inf Tech"},{"key":"ref156","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2010.39"},{"key":"ref153","doi-asserted-by":"publisher","DOI":"10.1145\/1982595.1982597"},{"key":"ref154","doi-asserted-by":"publisher","DOI":"10.1145\/1987993.1988003"},{"key":"ref151","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.408"},{"key":"ref152","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02138-1_19"},{"key":"ref150","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2007.167"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ICWS.2011.65"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.4018\/jwsr.2007040103"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/CMPSAC.2004.1342879"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.437"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194007003471"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2010.20"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1982185.1982502"},{"key":"ref157","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30126-1_16"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2009.20"},{"key":"ref158","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2010.11.002"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2011.6115306"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73230-3_7"},{"key":"ref29","first-page":"530","article-title":"Testing central processing unit scheduling algorithms using metamorphic testing","author":"jiang","year":"2013","journal-title":"Proc IEEE 4th Int Conf Softw Eng Serv Sci"},{"key":"ref166","article-title":"Properties of machine learning applications for use in metamorphic testing","author":"murphy","year":"2008"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2764464"},{"key":"ref164","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2014.6968586"},{"key":"ref165","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2009.26"},{"key":"ref162","doi-asserted-by":"publisher","DOI":"10.1109\/BioMedCom.2012.17"},{"key":"ref163","doi-asserted-by":"publisher","DOI":"10.1109\/CMPSAC.2002.1045022"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2009.0084"},{"key":"ref161","doi-asserted-by":"publisher","DOI":"10.1186\/1471-2105-10-24"},{"key":"ref13","article-title":"Teen hacker scoops 4,500 bug bounty for Facebook flaw that allowed attackers to unmask page admins","author":"walker","year":"2021"},{"key":"ref12","article-title":"Facebook account takeover: Researcher scoops 40k bug bounty for chained exploit","author":"woollacott","year":"2022"},{"key":"ref15","doi-asserted-by":"crossref","first-page":"780","DOI":"10.1145\/2970276.2970281","article-title":"MACKE: Compositional Analysis of Low-Level Vulnerabilities with Symbolic Execution","author":"saahil ognawala","year":"2016","journal-title":"IEEE\/ACM Int Conference on Automated Software Engineering (ASE)"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483776"},{"key":"ref14","first-page":"49","article-title":"Dowsing for overflows: A guided fuzzer to find buffer boundary violations","author":"haller","year":"2013","journal-title":"Proc Usenix Secur Symp"},{"key":"ref129","first-page":"32","article-title":"Assessing the impact of firewalls and database proxies on SQL injection testing","author":"appelt","year":"2013","journal-title":"Proc 1st Int Workshop Future Internet Testing"},{"key":"ref97","article-title":"CWE-613: Insufficient session expiration","year":"2022"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"ref96","year":"2022"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2014.01.024"},{"key":"ref11","author":"deahl","year":"2018"},{"key":"ref99","article-title":"MYSQL RDBMS engine","year":"2022"},{"key":"ref124","first-page":"31","article-title":"Automatic generation of XSS and SQL injection attacks with goal-directed model checking","author":"martin","year":"2008","journal-title":"Proc Usenix Secur Symp"},{"key":"ref10","author":"rosen","year":"2018"},{"key":"ref98","year":"2020"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.27"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2013.46"},{"key":"ref16","article-title":"Metamorphic testing: A new approach for generating next test cases","author":"chen","year":"1998"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2006.45"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2532875"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2012.11.007"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2009.49"},{"key":"ref92","year":"2021"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1109\/SESS.2007.5"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.12.003"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2007.27"},{"key":"ref94","year":"2022"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87875-9_38"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775174"},{"key":"ref91","year":"2021"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10179-6"},{"key":"ref89","year":"2021"},{"key":"ref139","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2013.65"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.41"},{"key":"ref85","year":"2020"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1109\/IWAST.2012.6228997"},{"key":"ref88","year":"2021"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242663"},{"key":"ref87","year":"2020"},{"key":"ref136","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36103-0_48"},{"key":"ref82","year":"2021"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2013.58"},{"key":"ref81","year":"2021"},{"key":"ref145","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368106"},{"key":"ref84","author":"liverani","year":"2017"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2008.11.008"},{"key":"ref83","year":"2021"},{"key":"ref143","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2006.40"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1109\/ISCSCT.2008.116"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2111"},{"key":"ref80","year":"0"},{"key":"ref79","year":"2014"},{"key":"ref108","year":"2022"},{"key":"ref78","year":"2014"},{"key":"ref109","year":"2022"},{"key":"ref106","year":"2018"},{"key":"ref107","year":"2018"},{"key":"ref75","year":"2020"},{"key":"ref104","year":"2018"},{"key":"ref74","year":"2016"},{"key":"ref105","year":"2018"},{"key":"ref77","year":"2014"},{"key":"ref102","year":"2018"},{"key":"ref76","year":"2014"},{"key":"ref103","year":"2018"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/bs.adcom.2015.11.003"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70754"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/ICSAW.2017.25"},{"key":"ref111","year":"2018"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA.2017.39"},{"key":"ref112","year":"2018"},{"key":"ref73","year":"2018"},{"key":"ref72","article-title":"Embedded information systems technology support (EISTS). Task order 0006: Vulnerability path analysis and demonstration (VPAD). Volume 2 - White box definitions of software fault patterns","author":"calloni","year":"2011"},{"key":"ref110","year":"2020"},{"key":"ref68","year":"2021"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1580"},{"key":"ref67","year":"2021"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1145\/3210459.3210461"},{"key":"ref69","year":"0"},{"key":"ref118","year":"2019"},{"key":"ref64","year":"2021"},{"key":"ref115","author":"lane","year":"2003","journal-title":"Online statistics education A multimedia course of study"},{"key":"ref63","year":"2020"},{"key":"ref116","article-title":"Damn vulnerable web application (DVWA)","author":"wood","year":"2022"},{"key":"ref66","year":"2021"},{"key":"ref113","year":"2018"},{"key":"ref65","year":"2021"},{"key":"ref114","year":"2018"},{"key":"ref60","article-title":"The fuzzing book","author":"zeller","year":"2019","journal-title":"The Fuzzing Book"},{"key":"ref122","author":"takanen","year":"2018","journal-title":"Fuzzing for Software Security Testing and Quality Assurance"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135817"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/52.382180"},{"key":"ref120","first-page":"647","article-title":"Research on software security testing","volume":"70","author":"tian-yang","year":"2010","journal-title":"World Acad Sci Eng Technol"},{"key":"ref61","author":"alexander","year":"1977","journal-title":"A Pattern Language Towns Buildings Construction"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2011.48"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/4359463\/10089522.pdf?arnumber=10089522","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,13]],"date-time":"2023-06-13T21:18:13Z","timestamp":1686691093000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10089522\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":188,"URL":"https:\/\/doi.org\/10.1109\/tse.2023.3256322","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}