{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T19:18:36Z","timestamp":1767986316316,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,6,5]],"date-time":"2011-06-05T00:00:00Z","timestamp":1307232000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-08-1-0352"],"award-info":[{"award-number":["FA9550-08-1-0352"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-0746888CCF-1018271"],"award-info":[{"award-number":["CNS-0746888CCF-1018271"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CNS-0746888CCF-1018271"],"award-info":[{"award-number":["CNS-0746888CCF-1018271"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,6,5]]},"DOI":"10.1145\/2166956.2166964","type":"proceedings-article","created":{"date-parts":[[2012,3,20]],"date-time":"2012-03-20T12:04:21Z","timestamp":1332245061000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":33,"title":["SAFERPHP"],"prefix":"10.1145","author":[{"given":"Sooel","family":"Son","sequence":"first","affiliation":[{"name":"The University of Texas at Austin"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vitaly","family":"Shmatikov","sequence":"additional","affiliation":[{"name":"The University of Texas at Austin"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,6,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"C. Anley. Advanced SQL injection in SQL server applications. http:\/\/www.ngssoftware.com\/papers\/advanced_sql_injection.pdf 2002.  C. Anley. Advanced SQL injection in SQL server applications. http:\/\/www.ngssoftware.com\/papers\/advanced_sql_injection.pdf 2002."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315250"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1814217.1814218"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30579-8_8"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2009.87"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.13"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133255.1134029"},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Security","author":"Crosby S.","year":"2003","unstructured":"S. Crosby and D. Wallach . Denial of service via algorithmic complexity attacks . In USENIX Security , 2003 . S. Crosby and D. Wallach. Denial of service via algorithmic complexity attacks. In USENIX Security, 2003."},{"key":"e_1_3_2_1_11_1","unstructured":"CVE-2007-2872. http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/470244\/100\/0\/threaded.  CVE-2007-2872. http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/470244\/100\/0\/threaded."},{"key":"e_1_3_2_1_12_1","unstructured":"CVE-2009-4418. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-4418.  CVE-2009-4418. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2009-4418."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/383721.383732"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586141"},{"key":"e_1_3_2_1_15_1","volume-title":"USENIX Security","author":"Felmetsger V.","year":"2010","unstructured":"V. Felmetsger , L. Cavedon , C. Kruegel , and G. Vigna . Toward automated detection of logic vulnerabilities in Web applications . In USENIX Security , 2010 . V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna. Toward automated detection of logic vulnerabilities in Web applications. In USENIX Security, 2010."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/263700.264352"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1328438.1328459"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134744.1134751"},{"key":"e_1_3_2_1_21_1","unstructured":"M. Kenney. Ping of death. http:\/\/insecure.org\/sploits\/ping-o-death.html 1997.  M. Kenney. Ping of death. http:\/\/insecure.org\/sploits\/ping-o-death.html 1997."},{"key":"e_1_3_2_1_22_1","unstructured":"A. Klein. Cross site scripting explained. http:\/\/crypto.stanford.edu\/cs155\/papers\/CSS.pdf 2002.  A. Klein. Cross site scripting explained. http:\/\/crypto.stanford.edu\/cs155\/papers\/CSS.pdf 2002."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/582419.582452"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542485"},{"key":"e_1_3_2_1_25_1","volume-title":"Morgan Kaufman","author":"Muchnik S.","year":"1997","unstructured":"S. Muchnik . Advanced Compiler Design and Implementation . Morgan Kaufman , 1997 . S. Muchnik. Advanced Compiler Design and Implementation. Morgan Kaufman, 1997."},{"key":"e_1_3_2_1_26_1","volume-title":"http:\/\/phpcompiler.org","author":"PHC.","year":"2009","unstructured":"PHC. http:\/\/phpcompiler.org , 2009 . PHC. http:\/\/phpcompiler.org, 2009."},{"key":"e_1_3_2_1_27_1","volume-title":"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005-1807","year":"2005","unstructured":"CVE-2005-1807. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005-1807 , 2005 . CVE-2005-1807. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005-1807, 2005."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/11531142_16"},{"key":"e_1_3_2_1_29_1","volume-title":"http:\/\/capec.mitre.org\/data\/definitions\/101.html","year":"2007","unstructured":"Server Side Include (SSI) injection. http:\/\/capec.mitre.org\/data\/definitions\/101.html , 2007 . Server Side Include (SSI) injection. http:\/\/capec.mitre.org\/data\/definitions\/101.html, 2007."},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Security","author":"Tan L.","year":"2008","unstructured":"L. Tan , X. Zhang , X. Ma , W. Xiong , and Y. Zhou . AutoISES: automatically inferring security specifications and detecting violations . In USENIX Security , 2008 . L. Tan, X. Zhang, X. Ma, W. Xiong, and Y. Zhou. AutoISES: automatically inferring security specifications and detecting violations. In USENIX Security, 2008."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_3_2_1_32_1","unstructured":"WhiteHat Security. WhiteHat website security statistics report. http:\/\/www.whitehatsec.com\/home\/resource\/stats.html 2009.  WhiteHat Security. WhiteHat website security statistics report. http:\/\/www.whitehatsec.com\/home\/resource\/stats.html 2009."},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security","author":"Xie Y.","year":"2006","unstructured":"Y. Xie and A. Aiken . Static detection of security vulnerabilities in scripting languages . In USENIX Security , 2006 . Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In USENIX Security, 2006."}],"event":{"name":"PLDI '11: ACM SIGPLAN Conference on Programming Language Design and Implementation","location":"San Jose California","acronym":"PLDI '11","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages"]},"container-title":["Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2166956.2166964","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2166956.2166964","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:48Z","timestamp":1750240488000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2166956.2166964"}},"subtitle":["finding semantic vulnerabilities in PHP applications"],"short-title":[],"issued":{"date-parts":[[2011,6,5]]},"references-count":33,"alternative-id":["10.1145\/2166956.2166964","10.1145\/2166956"],"URL":"https:\/\/doi.org\/10.1145\/2166956.2166964","relation":{},"subject":[],"published":{"date-parts":[[2011,6,5]]},"assertion":[{"value":"2011-06-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}