{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T02:35:21Z","timestamp":1771468521161,"version":"3.50.1"},"reference-count":39,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2024.3522094","type":"journal-article","created":{"date-parts":[[2024,12,24]],"date-time":"2024-12-24T19:23:49Z","timestamp":1735068229000},"page":"3139-3153","source":"Crossref","is-referenced-by-count":4,"title":["Blending Static and Dynamic Analysis for Web Application Vulnerability Detection: Methodology and Case Study"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2719-9318","authenticated-orcid":false,"given":"Paulo","family":"Nunes","sequence":"first","affiliation":[{"name":"Polytechnic of Guarda, University of Coimbra, CISUC, Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4710-9292","authenticated-orcid":false,"given":"Jos\u00e9","family":"Fonseca","sequence":"additional","affiliation":[{"name":"Polytechnic of Guarda, University of Coimbra, CISUC, Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5103-8541","authenticated-orcid":false,"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[{"name":"University of North Carolina at Charlotte, Charlotte, NC, USA"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD.2015.7176244"},{"key":"ref2","volume-title":"OWASP Top 10\u20142021","year":"2021"},{"key":"ref3","volume-title":"Application Security Statistics Report: The Case for DevSecOps","year":"2017"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3329667"},{"key":"ref7","first-page":"24","article-title":"Static and dynamic analysis: Synergy and duality","volume-title":"Proc. ICSE Workshop Dyn. Anal. (WODA)","author":"Ernst"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2016.02.005"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.3390\/electronics11132049"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1809100.1809107"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2011.01.050"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2665620"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2013.42"},{"key":"ref18","article-title":"Combining static and dynamic analysis for vulnerability detection","author":"Rawat","year":"2013","journal-title":"arXiv:1305.3883"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.02.005"},{"key":"ref22","article-title":"Blended security analysis for web applications: Techniques and tools","author":"Nunes","year":"2022"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"key":"ref24","article-title":"Software vulnerability analysis","author":"Krsul","year":"1998"},{"key":"ref25","volume-title":"Plugin Handbook"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICRAIE.2014.6909173"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.5120\/8174-1493"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.277"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.17485\/ijst\/2016\/v9i28\/97810"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2007.55"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-64171-8_4"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/318774.318944"},{"key":"ref34","first-page":"377","article-title":"NAVEX: Precise and scalable exploit generation for dynamic web applications","volume-title":"Proc. 27th USENIX Secur. Symp. (USENIX Secur.)","author":"Alhuzali"},{"key":"ref35","volume-title":"RIPS Technologies","year":"2019"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568024"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2839339"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23262"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.3390\/app12084077"},{"key":"ref41","volume-title":"XDebug Extension for PHP","year":"2018"},{"key":"ref43","volume-title":"XTM, XDebug Trace Manipulator","year":"2018"},{"key":"ref44","volume-title":"SQLMap","year":"2018"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450002"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10813334.pdf?arnumber=10813334","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,7]],"date-time":"2025-01-07T06:00:26Z","timestamp":1736229626000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10813334\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":39,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3522094","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}