{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:49:00Z","timestamp":1750308540477,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,7,13]],"date-time":"2015-07-13T00:00:00Z","timestamp":1436745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,7,13]]},"DOI":"10.1145\/2771783.2771787","type":"proceedings-article","created":{"date-parts":[[2015,7,10]],"date-time":"2015-07-10T14:10:55Z","timestamp":1436537455000},"page":"60-70","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Experience report: an empirical study of PHP security mechanism usage"],"prefix":"10.1145","author":[{"given":"Johannes","family":"Dahse","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Germany"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2015,7,13]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.1109\/SP.2008.22"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1145\/1772690.1772701"},{"volume-title":"May","year":"2007","author":"Christey S.","key":"e_1_3_2_1_3_1"},{"volume-title":"Simulation of Built-in PHP Features for Precise Static Code Analysis. In Symposium on Network and Distributed System Security (NDSS)","year":"2014","author":"Dahse J.","key":"e_1_3_2_1_4_1"},{"volume-title":"Static Detection of Second-Order Vulnerabilities in Web Applications. In USENIX Security Symposium","year":"2014","author":"Dahse J.","key":"e_1_3_2_1_5_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1145\/2660267.2660363"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1109\/Metrisec.2011.18"},{"volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering","year":"2006","author":"Halfond W. G.","key":"e_1_3_2_1_8_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1145\/2483760.2483786"},{"volume-title":"Fast and Precise Sanitizer Analysis with BEK. In USENIX Security Symposium","year":"2011","author":"Hooimeijer P.","key":"e_1_3_2_1_11_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.1109\/SP.2006.29"},{"volume-title":"Sanctum White Paper","year":"2002","author":"Klein A.","key":"e_1_3_2_1_13_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1145\/1882291.1882355"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.1145\/2429069.2429115"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/1060745.1060809"},{"volume-title":"OWASP Secure Coding Practices. https:\/\/www.owasp.org\/index.php\/OWASP_Secure_Coding_ Practices_-_Quick_Reference_Guide, as of","year":"2015","author":"OWASP.","key":"e_1_3_2_1_17_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1145\/2635868.2635922"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_19_1","DOI":"10.1145\/2046707.2046775"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1109\/SP.2010.38"},{"volume-title":"FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. In Symposium on Network and Distributed System Security (NDSS)","year":"2010","author":"Saxena P.","key":"e_1_3_2_1_21_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1145\/2046707.2046776"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_23_1","DOI":"10.1145\/2245276.2232004"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1145\/2351676.2351733"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.5555\/2486788.2486873"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1145\/2048066.2048145"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1145\/1542476.1542486"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_28_1","DOI":"10.1007\/978-3-642-33338-5_5"},{"unstructured":"W3Techs. Usage of Content Management Systems for Websites. http:\/\/w3techs.com\/technologies\/overview\/ content_management\/all as of January 2015.  W3Techs. Usage of Content Management Systems for Websites. http:\/\/w3techs.com\/technologies\/overview\/ content_management\/all as of January 2015.","key":"e_1_3_2_1_29_1"},{"unstructured":"W3Techs. Usage of Server-side Programming Languages for Websites. http:\/\/w3techs.com\/technologies\/overview\/ programming_language\/all as of January 2015.  W3Techs. Usage of Server-side Programming Languages for Websites. http:\/\/w3techs.com\/technologies\/overview\/ programming_language\/all as of January 2015.","key":"e_1_3_2_1_30_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1109\/ESEM.2009.5314215"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_32_1","DOI":"10.1145\/1250734.1250739"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/1368088.1368112"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.5555\/2041225.2041237"},{"volume-title":"Static Detection of Security Vulnerabilities in Scripting Languages. In USENIX Security Symposium","year":"2006","author":"Xie Y.","key":"e_1_3_2_1_35_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_36_1","DOI":"10.1007\/978-3-642-12002-2_13"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_37_1","DOI":"10.1145\/1985793.1985828"},{"volume-title":"Path Sensitive Static Analysis of Web Applications for Remote Code Execution Vulnerability Detection. In International Conference on Software Engineering (ICSE)","year":"2013","author":"Zheng Y.","key":"e_1_3_2_1_38_1"}],"event":{"sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","SIGPLAN ACM Special Interest Group on Programming Languages"],"acronym":"ISSTA '15","name":"ISSTA '15: International Symposium on Software Testing and Analysis","location":"Baltimore MD USA"},"container-title":["Proceedings of the 2015 International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2771783.2771787","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2771783.2771787","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:56:13Z","timestamp":1750272973000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2771783.2771787"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7,13]]},"references-count":37,"alternative-id":["10.1145\/2771783.2771787","10.1145\/2771783"],"URL":"https:\/\/doi.org\/10.1145\/2771783.2771787","relation":{},"subject":[],"published":{"date-parts":[[2015,7,13]]},"assertion":[{"value":"2015-07-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}