{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:47:01Z","timestamp":1771066021526,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,12,5]],"date-time":"2011-12-05T00:00:00Z","timestamp":1323043200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-0831298"],"award-info":[{"award-number":["CNS-0831298"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-09-1-0539"],"award-info":[{"award-number":["FA9550-09-1-0539"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N000140710928"],"award-info":[{"award-number":["N000140710928"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,12,5]]},"DOI":"10.1145\/2076732.2076768","type":"proceedings-article","created":{"date-parts":[[2011,12,13]],"date-time":"2011-12-13T15:46:00Z","timestamp":1323791160000},"page":"257-266","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["A server- and browser-transparent CSRF defense for web 2.0 applications"],"prefix":"10.1145","author":[{"given":"Riccardo","family":"Pelizzi","sequence":"first","affiliation":[{"name":"Stony Brook University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R.","family":"Sekar","sequence":"additional","affiliation":[{"name":"Stony Brook University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_2_1","unstructured":"CVE\n\n  \n   Editorial Board. CVE-2007-3574. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2007-3574 2007.  CVE Editorial Board. CVE-2007-3574. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2007-3574 2007."},{"key":"e_1_3_2_1_3_1","unstructured":"CVE\n\n  \n   Editorial Board. CVE-2009-2073. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-2073 2009.  CVE Editorial Board. CVE-2009-2073. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-2073 2009."},{"key":"e_1_3_2_1_4_1","unstructured":"CVE\n\n  \n   Editorial Board. CVE-2009-4076. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-4076 2009.  CVE Editorial Board. CVE-2009-4076. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-4076 2009."},{"key":"e_1_3_2_1_5_1","unstructured":"CVE\n\n  \n   Editorial Board. CVE-2009-4906. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-4906 2009.  CVE Editorial Board. CVE-2009-4906. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-4906 2009."},{"key":"e_1_3_2_1_6_1","unstructured":"CWE and SANS Institute. 2010 CWE\/SANS Top 25 Most Dangerous Software Errors. http:\/\/cwe.mitre.org\/top25\/ March 2011.  CWE and SANS Institute. 2010 CWE\/SANS Top 25 Most Dangerous Software Errors. http:\/\/cwe.mitre.org\/top25\/ March 2011."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11747-3_2"},{"key":"e_1_3_2_1_8_1","unstructured":"Django Software Foundation. Django. http:\/\/www.djangoproject.com 2011.  Django Software Foundation. Django. http:\/\/www.djangoproject.com 2011."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"R. Fielding etal Hypertext Transfer Protocol -- HTTP\/1.1. http:\/\/www.ietf.org\/rfc\/rfc2616.txt 1999.   R. Fielding et al. Hypertext Transfer Protocol -- HTTP\/1.1. http:\/\/www.ietf.org\/rfc\/rfc2616.txt 1999.","DOI":"10.17487\/rfc2616"},{"key":"e_1_3_2_1_10_1","unstructured":"J. Fraser. Backwards compatible window.postMessage(). http:\/\/www.onlineaspect.com\/2010\/01\/15\/backwards-compatible-postmessage\/ 2010.  J. Fraser. Backwards compatible window.postMessage(). http:\/\/www.onlineaspect.com\/2010\/01\/15\/backwards-compatible-postmessage\/ 2010."},{"key":"e_1_3_2_1_11_1","unstructured":"F. Guisset. JavaScript-DOM Prototypes in Mozilla. https:\/\/developer.mozilla.org\/en\/JavaScript-DOM_Prototypes_in_Mozilla 2002.  F. Guisset. JavaScript-DOM Prototypes in Mozilla. https:\/\/developer.mozilla.org\/en\/JavaScript-DOM_Prototypes_in_Mozilla 2002."},{"key":"e_1_3_2_1_12_1","unstructured":"D. H. Hansson. Ruby on Rails. http:\/\/rubyonrails.org 2011.  D. H. Hansson. Ruby on Rails. http:\/\/rubyonrails.org 2011."},{"key":"e_1_3_2_1_13_1","unstructured":"E. Inc. Code Igniter. http:\/\/codeigniter.com\/ 2002.  E. Inc. Code Igniter. http:\/\/codeigniter.com\/ 2002."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1875947.1875967"},{"key":"e_1_3_2_1_15_1","volume-title":"OWASP Europe","author":"Johns M.","year":"2006"},{"key":"e_1_3_2_1_16_1","volume-title":"Securecomm","author":"Jovanovic N.","year":"2007"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655077.1655081"},{"key":"e_1_3_2_1_18_1","unstructured":"G. Maone. NoScript. http:\/\/noscript.net\/ 2011.  G. Maone. NoScript. http:\/\/noscript.net\/ 2011."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455783"},{"key":"e_1_3_2_1_20_1","unstructured":"Pylons. Pylons Project. http:\/\/pylonsproject.org\/ 2011.  Pylons. Pylons Project. http:\/\/pylonsproject.org\/ 2011."},{"key":"e_1_3_2_1_21_1","unstructured":"RoundCube.net. RoundCube - Free Webmail for the Masses. http:\/\/roundcube.net\/ 2010.  RoundCube.net. RoundCube - Free Webmail for the Masses. http:\/\/roundcube.net\/ 2010."},{"key":"e_1_3_2_1_22_1","unstructured":"E. Sheridan. OWASP: CSRFGuard Project. https:\/\/www.owasp.org\/index.php\/Category:OWASP_CSRFGuard_Project 2011.  E. Sheridan. OWASP: CSRFGuard Project. https:\/\/www.owasp.org\/index.php\/Category:OWASP_CSRFGuard_Project 2011."},{"key":"e_1_3_2_1_23_1","unstructured":"E. Z. Yang. CSRFMagic. http:\/\/csrf.htmlpurifier.org\/ 2008.  E. Z. Yang. CSRFMagic. http:\/\/csrf.htmlpurifier.org\/ 2008."},{"key":"e_1_3_2_1_24_1","unstructured":"W. Zeller and E. Felten. Cross-site request forgeries: Exploitation and prevention 2008.  W. Zeller and E. Felten. Cross-site request forgeries: Exploitation and prevention 2008."},{"key":"e_1_3_2_1_25_1","volume-title":"ICISS","author":"Zhou M.","year":"2011"}],"event":{"name":"ACSAC '11: Annual Computer Security Applications Conference","location":"Orlando Florida USA","acronym":"ACSAC '11","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 27th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2076732.2076768","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2076732.2076768","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:46Z","timestamp":1750240486000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2076732.2076768"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,12,5]]},"references-count":25,"alternative-id":["10.1145\/2076732.2076768","10.1145\/2076732"],"URL":"https:\/\/doi.org\/10.1145\/2076732.2076768","relation":{},"subject":[],"published":{"date-parts":[[2011,12,5]]},"assertion":[{"value":"2011-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}