{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T04:34:58Z","timestamp":1771043698849,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,1,7]],"date-time":"2008-01-07T00:00:00Z","timestamp":1199664000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,1,7]]},"DOI":"10.1145\/1328408.1328410","type":"proceedings-article","created":{"date-parts":[[2008,1,7]],"date-time":"2008-01-07T14:45:40Z","timestamp":1199717140000},"page":"3-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":60,"title":["Securing web applications with static and dynamic information flow tracking"],"prefix":"10.1145","author":[{"given":"Monica S.","family":"Lam","sequence":"first","affiliation":[{"name":"Stanford University, Stanford, CA"}]},{"given":"Michael","family":"Martin","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}]},{"given":"Benjamin","family":"Livshits","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA"}]},{"given":"John","family":"Whaley","sequence":"additional","affiliation":[{"name":"Moka5: Inc., Redwood City, CA"}]}],"member":"320","published-online":{"date-parts":[[2008,1,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094839"},{"key":"e_1_3_2_1_2_1","volume-title":"http:\/\/struts.apache.org","author":"Foundation Apache Software","year":"2002","unstructured":"Apache Software Foundation . Apache Struts . http:\/\/struts.apache.org , 2002 . Apache Software Foundation. Apache Struts. 
http:\/\/struts.apache.org, 2002."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/313651.313816"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/68210.69217"},{"key":"e_1_3_2_1_6_1","unstructured":"S. M. Christey. Vulnerability type distribution in CVE. http:\/\/www.attrition.org\/pipermail\/vim\/2006-September\/001032.html.  S. M. Christey. Vulnerability type distribution in CVE. http:\/\/www.attrition.org\/pipermail\/vim\/2006-September\/001032.html."},{"key":"e_1_3_2_1_7_1","unstructured":"S. Cook. A Web developer's guide to cross-site scripting. http:\/\/www.giac.org\/practical\/GSEC\/Steve_Cook_GSEC.pdf 2003.  S. Cook. A Web developer's guide to cross-site scripting. http:\/\/www.giac.org\/practical\/GSEC\/Steve_Cook_GSEC.pdf 2003."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/337180.337234"},{"key":"e_1_3_2_1_9_1","first-page":"205","volume-title":"Robby. A Language Framework for Expressing Checkable Properties of Dynamic Software. In SPIN '00: Proceedings of the 7th SPIN Workshop","author":"Corbett J. C.","year":"2000","unstructured":"J. C. Corbett , M. B. Dwyer , J. Hatcliff , and Robby. A Language Framework for Expressing Checkable Properties of Dynamic Software. In SPIN '00: Proceedings of the 7th SPIN Workshop , pages 205 -- 223 , 2000 . J. C. Corbett, M. B. Dwyer, J. Hatcliff, and Robby. A Language Framework for Expressing Checkable Properties of Dynamic Software. In SPIN '00: Proceedings of the 7th SPIN Workshop, pages 205--223, 2000."},{"key":"e_1_3_2_1_10_1","first-page":"229","volume-title":"ASTLOG: A Language for Examining Abstract Syntax Trees. In Proceedings of the USENIX Conference on Domain-Specific Languages","author":"Crew R. F.","year":"1997","unstructured":"R. F. Crew . ASTLOG: A Language for Examining Abstract Syntax Trees. In Proceedings of the USENIX Conference on Domain-Specific Languages , pages 229 -- 242 , 1997 . R. F. Crew. 
ASTLOG: A Language for Examining Abstract Syntax Trees. In Proceedings of the USENIX Conference on Domain-Specific Languages, pages 229--242, 1997."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250662.1250722"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094841"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512539"},{"key":"e_1_3_2_1_14_1","volume-title":"McGraw. Exploiting Software: How to Break Code","author":"Hoglund G.","year":"2004","unstructured":"G. Hoglund and G. McGraw. Exploiting Software: How to Break Code . Addison-Wesley Publishing , 2004 . G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison-Wesley Publishing, 2004."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.588521"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028664.1028717"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_18_1","unstructured":"G. Hulme. New software may improve application security. http:\/\/www.informationweek.com\/story\/IWK20010209S0003 2001.  G. Hulme. New software may improve application security. http:\/\/www.informationweek.com\/story\/IWK20010209S0003 2001."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/643603.643622"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_21_1","unstructured":"A. Klein. Divide and Conquer: HTTP Response Splitting Web Cache Poisoning Attacks and Related Topics. http:\/\/www.packetstormsecurity.org\/papers\/general\/whitepaper_httprespon%se.pdf 2004.  A. Klein. Divide and Conquer: HTTP Response Splitting Web Cache Poisoning Attacks and Related Topics. 
http:\/\/www.packetstormsecurity.org\/papers\/general\/whitepaper_httprespon%se.pdf 2004."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/263698.263752"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1040305.1040335"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996868"},{"key":"e_1_3_2_1_25_1","first-page":"271","volume-title":"Proceedings of the 14th Usenix Security Symposium","author":"Livshits V. B.","year":"2005","unstructured":"V. B. Livshits and M. S. Lam . Finding Security Errors in Java Programs with Static Analysis . In Proceedings of the 14th Usenix Security Symposium , pages 271 -- 286 , Aug. 2005 . V. B. Livshits and M. S. Lam. Finding Security Errors in Java Programs with Static Analysis. In Proceedings of the 14th Usenix Security Symposium, pages 271--286, Aug. 2005."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094840"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250746"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25660-1_20"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.4380210207"},{"key":"e_1_3_2_1_31_1","unstructured":"OWASP. The ten most critical web application security vulnerabilities. http:\/\/www.owasp.org\/images\/e\/e8\/OWASP_Top_10_2007.pdf 2007.  OWASP. The ten most critical web application security vulnerabilities. http:\/\/www.owasp.org\/images\/e\/e8\/OWASP_Top_10_2007.pdf 2007."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007512.1007545"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"e_1_3_2_1_34_1","unstructured":"Sun Microsystems. JSR-000154 Java Servlet 2.5 Specification. http:\/\/jcp.org\/aboutJava\/communityprocess\/mrel\/jsr154\/index.html 2004.  
Sun Microsystems. JSR-000154 Java Servlet 2.5 Specification. http:\/\/jcp.org\/aboutJava\/communityprocess\/mrel\/jsr154\/index.html 2004."},{"key":"e_1_3_2_1_35_1","unstructured":"Sun Microsystems. JSR-000245 JavaServer Pages 2.1. http:\/\/jcp.org\/aboutJava\/communityprocess\/final\/jsr245\/index.html 2006.  Sun Microsystems. JSR-000245 JavaServer Pages 2.1. http:\/\/jcp.org\/aboutJava\/communityprocess\/final\/jsr245\/index.html 2006."},{"key":"e_1_3_2_1_36_1","volume-title":"Principles of Database and Knowledge-Base Systems","author":"Ullman J. D.","year":"1989","unstructured":"J. D. Ullman . Principles of Database and Knowledge-Base Systems . Computer Science Press , Rockville, Md ., volume II edition, 1989 . J. D. Ullman. Principles of Database and Knowledge-Base Systems. Computer Science Press, Rockville, Md., volume II edition, 1989."},{"key":"e_1_3_2_1_37_1","volume-title":"April","author":"Vernon M.","year":"2004","unstructured":"M. Vernon . Top Five Threats. ComputerWeekly.com (http:\/\/www.computerweekly.com\/Article129980.htm) , April 2004 . M. Vernon. Top Five Threats. ComputerWeekly.com (http:\/\/www.computerweekly.com\/Article129980.htm), April 2004."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022920129859"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029894.1029918"},{"key":"e_1_3_2_1_40_1","volume-title":"http:\/\/www.webappsec.org\/tc\/WASC--TC--v1_0.pdf","author":"Web Application Security Consortium","year":"2004","unstructured":"Web Application Security Consortium . Threat Classification . http:\/\/www.webappsec.org\/tc\/WASC--TC--v1_0.pdf , 2004 . Web Application Security Consortium. Threat Classification. http:\/\/www.webappsec.org\/tc\/WASC--TC--v1_0.pdf, 2004."},{"key":"e_1_3_2_1_41_1","unstructured":"WebCohort Inc. Only 10% of Web applications are secured against common hacking techniques. http:\/\/www.imperva.com\/company\/news\/2004--feb--02.html 2004.  WebCohort Inc. 
Only 10% of Web applications are secured against common hacking techniques. http:\/\/www.imperva.com\/company\/news\/2004--feb--02.html 2004."},{"key":"e_1_3_2_1_42_1","unstructured":"J. Whaley. bddbddb: BDD-Based Deductive DataBase. http:\/\/bddbddb.sourceforge.net 2004.  J. Whaley. bddbddb: BDD-Based Deductive DataBase. http:\/\/bddbddb.sourceforge.net 2004."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996859"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298455.1298481"}],"event":{"name":"PEPM08: Partial Evaluation and Program Manipulation","location":"San Francisco California USA","acronym":"PEPM08","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","ACM Association for Computing Machinery","SIGACT ACM Special Interest Group on Algorithms and Computation Theory"]},"container-title":["Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1328408.1328410","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1328408.1328410","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:56:22Z","timestamp":1750254982000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1328408.1328410"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,1,7]]},"references-count":43,"alternative-id":["10.1145\/1328408.1328410","10.1145\/1328408"],"URL":"https:\/\/doi.org\/10.1145\/1328408.1328410","relation":{},"subject":[],"published":{"date-parts":[[2008,1,7]]},"assertion":[{"value":"2008-01-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}