{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,4]],"date-time":"2025-04-04T15:25:33Z","timestamp":1743780333936,"version":"3.28.0"},"reference-count":34,"publisher":"IEEE","license":[{"start":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T00:00:00Z","timestamp":1606176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T00:00:00Z","timestamp":1606176000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T00:00:00Z","timestamp":1606176000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,11,24]]},"DOI":"10.1109\/nca51143.2020.9306735","type":"proceedings-article","created":{"date-parts":[[2021,1,5]],"date-time":"2021-01-05T23:22:37Z","timestamp":1609888957000},"page":"1-9","source":"Crossref","is-referenced-by-count":5,"title":["MERLIN: Multi-Language Web Vulnerability Detection"],"prefix":"10.1109","author":[{"given":"Alexandra","family":"Figueiredo","sequence":"first","affiliation":[]},{"given":"Tatjana","family":"Lide","sequence":"additional","affiliation":[]},{"given":"David","family":"Matos","sequence":"additional","affiliation":[]},{"given":"Miguel","family":"Correia","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"journal-title":"Website of WAP tool","year":"2014","author":"medeiros","key":"ref33"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"journal-title":"JPHP","year":"0","key":"ref31"},{"journal-title":"Dexpler Converting android dalvik bytecode to jimple for static analysis with soot","year":"2012","author":"bertel","key":"ref30"},{"key":"ref34","first-page":"69","article-title":"SECBENCH: A database of real security vulnerabilities","author":"reis","year":"2017","journal-title":"International Workshop on Secure Software Engineering in DevOps and Agile Development"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315249"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1007\/978-3-642-14215-4_7","article-title":"Why Johnny can't pentest: An analysis of black-box web vulnerability scanners","author":"doup\u00e9","year":"2010","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043567"},{"key":"ref15","article-title":"Enemy of the state: A state-aware black-box web vulnerability scanner","author":"doup\u00e9","year":"2012","journal-title":"USENIX Security Symposium"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2009-0321"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568024"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931041"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2839339"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30579-8_23"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25660-1_20"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2019.00040"},{"key":"ref3","first-page":"191","article-title":"Form-based proxy caching for database-backed web sites","author":"luo","year":"2001","journal-title":"Proceedings of the 27th International Conference on Very Large Data Bases"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.01.009"},{"key":"ref29","doi-asserted-by":"crossref","DOI":"10.1145\/2714064.2660212","article-title":"Phosphor: Illuminating dynamic data flow in commodity JVMs","author":"bell","year":"2014","journal-title":"ACM SIGPLAN Notices 49 10"},{"key":"ref5","article-title":"Static analysis tools as early indicators of pre-release defect density","author":"nagappan","year":"2005","journal-title":"Proceedings of the 27th International Conference on Software Engineering"},{"key":"ref8","article-title":"A classification of SQL-injection attacks and countermeasures","author":"halfond","year":"2006","journal-title":"Proc of the International Symposium on Secure Software Engineering"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"journal-title":"2019 application security statistics report","year":"2019","key":"ref2"},{"key":"ref9","article-title":"An early testing and defense web application framework for malicious input attacks","author":"gegick","year":"2006","journal-title":"ISSRE Supplementary Conference Proceedings"},{"journal-title":"Symantec ISTR 24 - Internet security threat report","year":"2019","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref22","article-title":"The soot framework for java program analysis: a retrospective","author":"lam","year":"2011","journal-title":"Cetus Users and Compiler Infastructure Workshop (CETUS 2011)"},{"key":"ref21","first-page":"281","article-title":"Some methods for classification and analysis of multivariate observations","volume":"1","author":"macqueen","year":"1967","journal-title":"Proceedings of the 5th Berkeley Symposium on Mathematical Statistics and Probability"},{"journal-title":"OWASP Top 10-2017 - the ten most critical web application security risks","year":"2017","author":"williams","key":"ref24"},{"journal-title":"National Institute of Standards and Technology (NIST)","year":"0","key":"ref23"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227096"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23262"}],"event":{"name":"2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)","start":{"date-parts":[[2020,11,24]]},"location":"Cambridge, MA, USA","end":{"date-parts":[[2020,11,27]]}},"container-title":["2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9306506\/9306688\/09306735.pdf?arnumber=9306735","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,28]],"date-time":"2022-06-28T21:51:30Z","timestamp":1656453090000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9306735\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,24]]},"references-count":34,"URL":"https:\/\/doi.org\/10.1109\/nca51143.2020.9306735","relation":{},"subject":[],"published":{"date-parts":[[2020,11,24]]}}}