{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,29]],"date-time":"2025-06-29T14:40:00Z","timestamp":1751208000603,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,9,12]],"date-time":"2011-09-12T00:00:00Z","timestamp":1315785600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,9,12]]},"DOI":"10.1145\/2073276.2073285","type":"proceedings-article","created":{"date-parts":[[2011,12,5]],"date-time":"2011-12-05T17:50:15Z","timestamp":1323107415000},"page":"83-94","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Position paper"],"prefix":"10.1145","author":[{"given":"Wenliang","family":"Du","sequence":"first","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Karthick","family":"Jayaraman","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Xi","family":"Tan","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Tongbo","family":"Luo","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Steve","family":"Chapin","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2011,9,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Caja. http:\/\/code.google.com\/p\/google-caja\/.  Caja. http:\/\/code.google.com\/p\/google-caja\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Spring Security. http:\/\/static.springsource.org\/spring-security\/site\/  Spring Security. http:\/\/static.springsource.org\/spring-security\/site\/"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_3_2_1_5_1","unstructured":"K. Donald E. Vervaet and R. Stoyanchev. Spring Web Flow - Reference documentation. http:\/\/static.springsource.org\/spring-webflow\/docs\/1.0.x\/reference\/index.html 2007.  K. Donald E. Vervaet and R. Stoyanchev. Spring Web Flow - Reference documentation. http:\/\/static.springsource.org\/spring-webflow\/docs\/1.0.x\/reference\/index.html 2007."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2029896.2029899"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.42"},{"volume-title":"Proc. of Network and Distributed System Security Symposium","year":"2010","author":"Finifter M.","key":"e_1_3_2_1_8_1"},{"volume-title":"Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS)","year":"2009","author":"Gundy M. V.","key":"e_1_3_2_1_9_1"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2010.71"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/1875947.1875967"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359531"},{"volume-title":"SecureComm","year":"2007","author":"Kerschbaum F.","key":"e_1_3_2_1_15_1"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_18_1","unstructured":"M. Kolsek. Session Fixation Vulnerabilities in Web-based Applications. http:\/\/www.acrossecurity.com\/papers\/session_fixation.pdf.  M. Kolsek. Session Fixation Vulnerabilities in Web-based Applications. http:\/\/www.acrossecurity.com\/papers\/session_fixation.pdf."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/2022245.2022268"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.36"},{"volume-title":"Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS)","year":"2009","author":"Nadji Y.","key":"e_1_3_2_1_21_1"},{"key":"e_1_3_2_1_22_1","unstructured":"G. Ollmann. Web Based Session Management: Best Practices in Managing HTTP Based Client Sessions. http:\/\/www.technicalinfo.net\/papers\/WebBasedSessionManagement.html.  G. Ollmann. Web Based Session Management: Best Practices in Managing HTTP Based Client Sessions. http:\/\/www.technicalinfo.net\/papers\/WebBasedSessionManagement.html."},{"key":"e_1_3_2_1_23_1","unstructured":"OWASP. The ten most critical web application security risks. http:\/\/www.owasp.org\/index.php\/File:OWASP_T10_-_2010_rc1.pdf 2010.  OWASP. The ten most critical web application security risks. http:\/\/www.owasp.org\/index.php\/File:OWASP_T10_-_2010_rc1.pdf 2010."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_27_1","unstructured":"A. Vance. Times web ads show security breach. http:\/\/www.nytimes.com\/2009\/09\/15\/technology\/internet\/15adco.html.  A. Vance. Times web ads show security breach. http:\/\/www.nytimes.com\/2009\/09\/15\/technology\/internet\/15adco.html."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653685"},{"volume-title":"NDSS","year":"2007","author":"Vogt P.","key":"e_1_3_2_1_29_1"},{"key":"e_1_3_2_1_30_1","unstructured":"WhiteHat Security. Whitehat website security statistic report 10th edition 2010.  WhiteHat Security. Whitehat website security statistic report 10th edition 2010."},{"key":"e_1_3_2_1_31_1","unstructured":"M. Zalewski. Cross-site cooking. URL: http:\/\/www.securityfocus.com\/archive\/107\/423375\/30\/0\/threaded 2006.  M. Zalewski. Cross-site cooking. URL: http:\/\/www.securityfocus.com\/archive\/107\/423375\/30\/0\/threaded 2006."}],"event":{"name":"NSPW '11: 2011 New Security Paradigms Workshop","acronym":"NSPW '11","location":"Marin County California USA"},"container-title":["Proceedings of the 2011 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2073276.2073285","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2073276.2073285","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:50Z","timestamp":1750240490000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2073276.2073285"}},"subtitle":["why are there so many vulnerabilities in web applications?"],"short-title":[],"issued":{"date-parts":[[2011,9,12]]},"references-count":28,"alternative-id":["10.1145\/2073276.2073285","10.1145\/2073276"],"URL":"https:\/\/doi.org\/10.1145\/2073276.2073285","relation":{},"subject":[],"published":{"date-parts":[[2011,9,12]]},"assertion":[{"value":"2011-09-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}