{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:06:08Z","timestamp":1775815568554,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,3,3]],"date-time":"2014-03-03T00:00:00Z","timestamp":1393804800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,3,3]]},"DOI":"10.1145\/2557547.2557550","type":"proceedings-article","created":{"date-parts":[[2014,2,25]],"date-time":"2014-02-25T13:21:11Z","timestamp":1393334471000},"page":"37-48","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":73,"title":["KameleonFuzz"],"prefix":"10.1145","author":[{"given":"Fabien","family":"Duchene","sequence":"first","affiliation":[{"name":"Paris, France"}]},{"given":"Sanjay","family":"Rawat","sequence":"additional","affiliation":[{"name":"IIIT, Hyderabad, India"}]},{"given":"Jean-Luc","family":"Richier","sequence":"additional","affiliation":[{"name":"LIG Lab, Grenoble INP Ensimag, Grenoble, France"}]},{"given":"Roland","family":"Groz","sequence":"additional","affiliation":[{"name":"LIG Lab, Grenoble INP Ensimag, Grenoble, France"}]}],"member":"320","published-online":{"date-parts":[[2014,3,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772701"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.27"},{"key":"e_1_3_2_1_3_1","volume-title":"Stanford","author":"Bau J.","year":"2012","unstructured":"J. Bau Vulnerability Factors in New Web Applications: Audit Tools, Developer Selection & Languages. Tech. rep . Stanford , 2012 . J. Bau et al. 
Vulnerability Factors in New Web Applications: Audit Tools, Developer Selection & Languages. Tech. rep. Stanford, 2012."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2012.182"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2011.48"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1068009.1068331"},{"key":"e_1_3_2_1_7_1","volume-title":"Browsers anti-XSS methods in ASP (classic) have been defeated!","author":"Dalili S.","year":"2012","unstructured":"S. Dalili . Browsers anti-XSS methods in ASP (classic) have been defeated! 2012 . url: http:\/\/soroush.secproject.com\/downloadable\/Browsers_Anti-XSS_methods_in_ASP_(classic_have_been_defeated.pdf. S. Dalili. Browsers anti-XSS methods in ASP (classic) have been defeated! 2012. url: http:\/\/soroush.secproject.com\/downloadable\/Browsers_Anti-XSS_methods_in_ASP_(classic_have_been_defeated.pdf."},{"key":"e_1_3_2_1_8_1","volume-title":"Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing\". Black Hat USA","author":"DeMott J. D.","year":"2007","unstructured":"J. D. DeMott , R. J. Enbody , and W. F. Punch . \" Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing\". Black Hat USA ( 2007 ). J. D. DeMott, R. J. Enbody, and W. F. Punch. \"Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing\". Black Hat USA (2007)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2011.31"},{"key":"e_1_3_2_1_10_1","volume-title":"Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner\". Usenix Sec","author":"Doup\u00e9 A.","year":"2012","unstructured":"A. Doup\u00e9 \" Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner\". Usenix Sec ( 2012 ). A. Doup\u00e9 et al. \"Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner\". 
Usenix Sec (2012)."},{"key":"e_1_3_2_1_11_1","volume-title":"0-day XSS discovered with KameleonFuzz","author":"Duchene F.","year":"2014","unstructured":"F. Duchene . 0-day XSS discovered with KameleonFuzz . 2014 . url: http:\/\/caronline.fr\/0_day_xss_kameleonfuzz. F. Duchene. 0-day XSS discovered with KameleonFuzz. 2014. url: http:\/\/caronline.fr\/0_day_xss_kameleonfuzz."},{"key":"e_1_3_2_1_12_1","volume-title":"Better","author":"Duchene F.","year":"2014","unstructured":"F. Duchene . \"Harder , Better , Faster Fuzzer : Advances in BlackBox Evolutionary Fuzzing\". Hack In The Box (HITB). Amsterdam, Netherlands , 2014 . F. Duchene. \"Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing\". Hack In The Box (HITB). Amsterdam, Netherlands, 2014."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2012.181"},{"key":"e_1_3_2_1_14_1","volume-title":"Black-Hat","author":"Duch\u00e8ne F.","year":"2013","unstructured":"F. Duch\u00e8ne . \"Fuzz in the Dark : Genetic Algorithm for Black-Box Fuzzing \". Black-Hat . S\u00e3o Paulo, Brazil , 2013 . F. Duch\u00e8ne. \"Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing\". Black-Hat. S\u00e3o Paulo, Brazil, 2013."},{"key":"e_1_3_2_1_15_1","volume-title":"A Hesitation Step into the Black-box: Heuristic based Web Application Reverse Engineering\". NoSuchCon","author":"Duch\u00e8ne F.","year":"2013","unstructured":"F. Duch\u00e8ne \" A Hesitation Step into the Black-box: Heuristic based Web Application Reverse Engineering\". NoSuchCon . 2013 . F. Duch\u00e8ne et al. \"A Hesitation Step into the Black-box: Heuristic based Web Application Reverse Engineering\". NoSuchCon. 2013."},{"key":"e_1_3_2_1_16_1","first-page":"289","volume-title":"11th SSTIC.","author":"Duch\u00e8ne F.","year":"2013","unstructured":"F. Duch\u00e8ne XSS Type-2 Filtr\u00e9s selon Darwin : KameleonFuzz. Fuzzing Evolutionnaire de XSS Type-2 en Bo\u00f4te Noire \". 11th SSTIC. 2013 , pp. 289 -- 311 . F. 
Duch\u00e8ne et al. \"Fuzzing Intelligent de XSS Type-2 Filtr\u00e9s selon Darwin: KameleonFuzz. Fuzzing Evolutionnaire de XSS Type-2 en Bo\u00f4te Noire\". 11th SSTIC. 2013, pp. 289--311."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2013.6671300"},{"key":"e_1_3_2_1_18_1","unstructured":"Google. Chrome. url: https:\/\/www.google.com\/chrome\/.  Google. Chrome. url: https:\/\/www.google.com\/chrome\/."},{"key":"e_1_3_2_1_19_1","volume-title":"Syngress","author":"Heiderich M.","year":"2010","unstructured":"M. Heiderich Web Application Obfuscation:'-\/WAFs.. Evasion.. Filters\/\/alert (\/Obfuscation\/)- '. Syngress , 2010 . M. Heiderich et al. Web Application Obfuscation:'-\/WAFs.. Evasion.. Filters\/\/alert (\/Obfuscation\/)-'. Syngress, 2010."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516723"},{"key":"e_1_3_2_1_21_1","volume-title":"Shazzer - Shared XSS Fuzzer","author":"Heyes G.","year":"2012","unstructured":"G. Heyes Shazzer - Shared XSS Fuzzer . 2012 . url: http:\/\/shazzer.co.uk. G. Heyes et al. Shazzer - Shared XSS Fuzzer. 2012. url: http:\/\/shazzer.co.uk."},{"key":"e_1_3_2_1_22_1","volume-title":"Fuzzing with Code Fragments\". 21st Usenix Security","author":"Holler C.","year":"2012","unstructured":"C. Holler , K. Herzig , and A. Zeller . \" Fuzzing with Code Fragments\". 21st Usenix Security . 2012 . C. Holler, K. Herzig, and A. Zeller. \"Fuzzing with Code Fragments\". 21st Usenix Security. 2012."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2011.83"},{"key":"e_1_3_2_1_24_1","unstructured":"J. Huggins P. Hammant etal Selenium Browser Automation Framework. url: http:\/\/code.google.com\/p\/selenium\/.  J. Huggins P. Hammant et al. Selenium Browser Automation Framework. url: http:\/\/code.google.com\/p\/selenium\/."},{"key":"e_1_3_2_1_25_1","unstructured":"R. Kugler. PayPal.com XSS Vulnerability. 2013. 
url: http:\/\/seclists.org\/fulldisclosure\/2013\/May\/163.  R. Kugler. PayPal.com XSS Vulnerability. 2013. url: http:\/\/seclists.org\/fulldisclosure\/2013\/May\/163."},{"key":"e_1_3_2_1_26_1","volume-title":"insertions, and reversals\". Soviet Physics-Doklady","author":"Levenshtein V.","year":"1966","unstructured":"V. Levenshtein . \"Binary codes capable of correcting deletions , insertions, and reversals\". Soviet Physics-Doklady . Vol. 10 . 1966 . V. Levenshtein. \"Binary codes capable of correcting deletions, insertions, and reversals\". Soviet Physics-Doklady. Vol. 10. 1966."},{"key":"e_1_3_2_1_27_1","volume-title":"Firefox plug-in","author":"Maone G.","year":"2006","unstructured":"G. Maone . NoScript , Firefox plug-in . 2006 . url: https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/noscript\/. G. Maone. NoScript, Firefox plug-in. 2006. url: https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/noscript\/."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"e_1_3_2_1_29_1","volume-title":"Stored XSS In Facebook","year":"2013","unstructured":"Nirgoldshlager. Stored XSS In Facebook . 2013 . url: http:\/\/www.breaksec.com\/?p=6129. Nirgoldshlager. Stored XSS In Facebook. 2013. url: http:\/\/www.breaksec.com\/?p=6129."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1569901.1570111"},{"key":"e_1_3_2_1_31_1","volume-title":"Top Ten Project","author":"OWASP.","year":"2013","unstructured":"OWASP. Top Ten Project . 2013 . OWASP. Top Ten Project. 2013."},{"key":"e_1_3_2_1_32_1","unstructured":"PHP. addslashes function. url: http:\/\/php.net\/manual\/en\/function.addslashes.php.  PHP. addslashes function. url: http:\/\/php.net\/manual\/en\/function.addslashes.php."},{"issue":"1","key":"e_1_3_2_1_33_1","first-page":"23","volume":"1","author":"Pietik\u00e4inen P.","year":"2011","unstructured":"P. Pietik\u00e4inen Comm. of Cloud Software , vol. 1 , no. 1 , Dec. 23 , ISSN 2242-5403 ( 2011 ). P. 
Pietik\u00e4inen et al. \"Security Testing of Web Browsers\". Comm. of Cloud Software, vol. 1, no. 1, Dec. 23, ISSN 2242-5403 (2011).","journal-title":"Comm. of Cloud Software"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2010.14"},{"key":"e_1_3_2_1_35_1","first-page":"37","author":"Rawat S.","year":"2013","unstructured":"S. Rawat SSCI. IEEE , 2013 , pp. 37 -- 39 . S. Rawat et al. \"Evolving Indigestible Codes: Fuzzing Interpreters with Genetic Programming\". CICS, with SSCI. IEEE, 2013, pp. 37--39.","journal-title":"SSCI. IEEE"},{"key":"e_1_3_2_1_36_1","unstructured":"A Riancho. w3af - WebApp. Attack and Audit Framework. url: http:\/\/w3af.sourceforge.net.  A Riancho. w3af - WebApp. Attack and Audit Framework. url: http:\/\/w3af.sourceforge.net."},{"key":"e_1_3_2_1_37_1","unstructured":"D. Ross. IE 8 XSS Filter Implementation. 2008. url: http:\/\/blogs.technet.com\/b\/srd\/archive\/2008\/08\/19\/ie-8-xss-filterarchitecture-implementation.aspx.  D. Ross. IE 8 XSS Filter Implementation. 2008. url: http:\/\/blogs.technet.com\/b\/srd\/archive\/2008\/08\/19\/ie-8-xss-filterarchitecture-implementation.aspx."},{"key":"e_1_3_2_1_38_1","volume-title":"XSS Cheat Sheet Esp: for filter evasion","year":"2007","unstructured":"RSnake. XSS Cheat Sheet Esp: for filter evasion . 2007 . url: http:\/\/ha.ckers.org\/xss.html. RSnake. XSS Cheat Sheet Esp: for filter evasion. 2007. url: http:\/\/ha.ckers.org\/xss.html."},{"key":"e_1_3_2_1_39_1","unstructured":"J. Ruderman. Introducing jsfunfuzz. 2007. url: http:\/\/www.squarefree.com\/2007\/08\/02\/introducing-jsfunfuzz.  J. Ruderman. Introducing jsfunfuzz. 2007. url: http:\/\/www.squarefree.com\/2007\/08\/02\/introducing-jsfunfuzz."},{"key":"e_1_3_2_1_40_1","unstructured":"R. S. Scowen. \"Extended BNF - A generic base standard\". SESP. 1993.  R. S. Scowen. \"Extended BNF - A generic base standard\". SESP. 1993."},{"key":"e_1_3_2_1_41_1","unstructured":"R. Sekar. 
\"An Efficient Blackbox Technique for Defeating Web Application Attacks\". NDSS. 2009.  R. Sekar. \"An Efficient Blackbox Technique for Defeating Web Application Attacks\". NDSS. 2009."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2007.147"},{"key":"e_1_3_2_1_43_1","unstructured":"A. Sotirov. \"Blackbox Reversing of XSS Filters\". ReCon. 2008.  A. Sotirov. \"Blackbox Reversing of XSS Filters\". ReCon. 2008."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/1813084.1813128"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483776"},{"key":"e_1_3_2_1_48_1","unstructured":"R. Valotta. \"Fuzzing with DOM Level 2 and 3\". DeepSec.  R. Valotta. \"Fuzzing with DOM Level 2 and 3\". DeepSec."},{"key":"e_1_3_2_1_49_1","volume-title":"HTML5 Content Model","author":"C.","year":"2012","unstructured":"W3 C. HTML5 Content Model . 2012 . url: http:\/\/www.w3.org\/TR\/html5\/contentmodels.html. W3C. HTML5 Content Model. 2012. url: http:\/\/www.w3.org\/TR\/html5\/contentmodels.html."},{"key":"e_1_3_2_1_50_1","volume-title":"Computing Research Repository","author":"Wang Y.-H.","year":"2010","unstructured":"Y.-H. Wang , C.-H. Mao , and H.-M. Lee . \"Structural Learning of Attack Vectors for Generating Mutated XSS Attacks\". Computing Research Repository ( 2010 ). Y.-H. Wang, C.-H. Mao, and H.-M. Lee. \"Structural Learning of Attack Vectors for Generating Mutated XSS Attacks\". Computing Research Repository (2010)."},{"key":"e_1_3_2_1_51_1","first-page":"150","volume-title":"A systematic analysis of XSS sanitization in web application frameworks","author":"Weinberger J.","year":"2011","unstructured":"J. Weinberger \" A systematic analysis of XSS sanitization in web application frameworks \". ESORICS. Springer , 2011 , pp. 
150 -- 171 . J. Weinberger et al. \"A systematic analysis of XSS sanitization in web application frameworks\". ESORICS. Springer, 2011, pp. 150--171."},{"key":"e_1_3_2_1_52_1","unstructured":"M. Zalewski. Announcing CrossFuzz. 2011. url: http:\/\/lcamtuf.blogspot.fr\/2011\/01\/announcing-crossfuzz-potential-0-dayin.html.  M. Zalewski. Announcing CrossFuzz. 2011. url: http:\/\/lcamtuf.blogspot.fr\/2011\/01\/announcing-crossfuzz-potential-0-dayin.html."},{"key":"e_1_3_2_1_53_1","volume-title":"eBay Sec. Hall of Fame","year":"2013","unstructured":"ZentrixPlus. eBay Sec. Hall of Fame . 2013 . url: http:\/\/zentrixplus.net\/blog\/ebaysecurity-researchers-hall-of-fame-hof\/. ZentrixPlus. eBay Sec. Hall of Fame. 2013. url: http:\/\/zentrixplus.net\/blog\/ebaysecurity-researchers-hall-of-fame-hof\/."}],"event":{"name":"CODASPY'14: Fourth ACM Conference on Data and Application Security and Privacy","location":"San Antonio Texas USA","acronym":"CODASPY'14","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 4th ACM conference on Data and application security and privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2557547.2557550","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2557547.2557550","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:09:50Z","timestamp":1750234190000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2557547.2557550"}},"subtitle":["evolutionary fuzzing for black-box XSS 
detection"],"short-title":[],"issued":{"date-parts":[[2014,3,3]]},"references-count":53,"alternative-id":["10.1145\/2557547.2557550","10.1145\/2557547"],"URL":"https:\/\/doi.org\/10.1145\/2557547.2557550","relation":{},"subject":[],"published":{"date-parts":[[2014,3,3]]},"assertion":[{"value":"2014-03-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}