{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:09:29Z","timestamp":1763968169714,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,7,13]],"date-time":"2015-07-13T00:00:00Z","timestamp":1436745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,7,13]]},"DOI":"10.1145\/2771783.2771789","type":"proceedings-article","created":{"date-parts":[[2015,7,10]],"date-time":"2015-07-10T14:10:55Z","timestamp":1436537455000},"page":"37-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["BrowserAudit: automated testing of browser security features"],"prefix":"10.1145","author":[{"given":"Charlie","family":"Hothersall-Thomas","sequence":"first","affiliation":[{"name":"Netcraft, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sergio","family":"Maffeis","sequence":"additional","affiliation":[{"name":"Imperial College London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chris","family":"Novakovic","sequence":"additional","affiliation":[{"name":"Imperial College London, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,7,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Bootstrap. http:\/\/getbootstrap.com\/.  Bootstrap. http:\/\/getbootstrap.com\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Browser DOM access checker. http:\/\/lcamtuf.coredump.cx\/dom_checker\/.  Browser DOM access checker. http:\/\/lcamtuf.coredump.cx\/dom_checker\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Browserscope. http:\/\/www.browserscope.org\/.  Browserscope. http:\/\/www.browserscope.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"BrowserSpy. http:\/\/browserspy.dk\/.  BrowserSpy. http:\/\/browserspy.dk\/."},{"key":"e_1_3_2_1_5_1","unstructured":"BrowserStack. http:\/\/www.browserstack.com\/.  BrowserStack. http:\/\/www.browserstack.com\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Can I Use.. .. http:\/\/caniuse.com\/.  Can I Use.. .. http:\/\/caniuse.com\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Chai. http:\/\/chaijs.com\/.  Chai. http:\/\/chaijs.com\/."},{"key":"e_1_3_2_1_8_1","unstructured":"How\u2019s My SSL? https:\/\/www.howsmyssl.com\/.  How\u2019s My SSL? https:\/\/www.howsmyssl.com\/."},{"key":"e_1_3_2_1_9_1","unstructured":"jQuery. http:\/\/jquery.com\/.  jQuery. http:\/\/jquery.com\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Mocha. http:\/\/mochajs.org\/.  Mocha. http:\/\/mochajs.org\/."},{"key":"e_1_3_2_1_11_1","unstructured":"Nginx. http:\/\/nginx.org\/.  Nginx. http:\/\/nginx.org\/."},{"key":"e_1_3_2_1_12_1","unstructured":"Panopticlick. https:\/\/panopticlick.eff.org\/.  Panopticlick. https:\/\/panopticlick.eff.org\/."},{"key":"e_1_3_2_1_13_1","unstructured":"PostgreSQL. http:\/\/www.postgresql.org\/.  PostgreSQL. http:\/\/www.postgresql.org\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Qualys SSL Labs. https:\/\/www.ssllabs.com\/.  Qualys SSL Labs. https:\/\/www.ssllabs.com\/."},{"key":"e_1_3_2_1_15_1","unstructured":"The Can I Use... test suite. http:\/\/tests.caniuse.com\/.  The Can I Use... test suite. http:\/\/tests.caniuse.com\/."},{"key":"e_1_3_2_1_16_1","unstructured":"The Go Programming Language. https:\/\/golang.org\/.  The Go Programming Language. https:\/\/golang.org\/."},{"key":"e_1_3_2_1_17_1","volume-title":"Apr.","author":"Barth A.","year":"2011","unstructured":"A. Barth . HTTP State Management Mechanism. RFC 6265 (Proposed Standard) , Apr. 2011 . A. Barth. HTTP State Management Mechanism. RFC 6265 (Proposed Standard), Apr. 2011."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.3"},{"key":"e_1_3_2_1_19_1","first-page":"30","volume-title":"Proceedings of USENIX Security 2008","author":"Barth A.","year":"2008","unstructured":"A. Barth , C. Jackson , and J. Mitchell . Securing Frame Communication in Browsers . In Proceedings of USENIX Security 2008 , pages 17\u2013 30 , 2008 . A. Barth, C. Jackson, and J. Mitchell. Securing Frame Communication in Browsers. In Proceedings of USENIX Security 2008, pages 17\u201330, 2008."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_21_1","volume-title":"June","author":"Barth A.","year":"2013","unstructured":"A. Barth and M. West . Content Security Policy 1.1 , June 2013 . W3C Working Draft WD-CSP 11-20130604. A. Barth and M. West. Content Security Policy 1.1, June 2013. W3C Working Draft WD-CSP11-20130604."},{"key":"e_1_3_2_1_22_1","first-page":"670","volume-title":"Proceedings of USENIX Security 2013","author":"Bhargavan K.","year":"2013","unstructured":"K. Bhargavan , A. Delignat-Lavaud , and S. Maffeis . Language-Based Defenses Against Untrusted Browser Origins . In Proceedings of USENIX Security 2013 , pages 653\u2013 670 , 2013 . K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. Language-Based Defenses Against Untrusted Browser Origins. In Proceedings of USENIX Security 2013, pages 653\u2013670, 2013."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_8"},{"key":"e_1_3_2_1_24_1","unstructured":"Bugzilla. Bug 1007205 \u2014 CSP allows local CSS @import with only \u2018unsafe-inline\u2019 set. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=1007205.  Bugzilla. Bug 1007205 \u2014 CSP allows local CSS @import with only \u2018unsafe-inline\u2019 set. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=1007205."},{"key":"e_1_3_2_1_25_1","unstructured":"Bugzilla. Bug 1007634 \u2014 CSP allows local Worker construction with only \u2018unsafe-inline\u2019 set. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=1007634.  Bugzilla. Bug 1007634 \u2014 CSP allows local Worker construction with only \u2018unsafe-inline\u2019 set. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=1007634."},{"key":"e_1_3_2_1_26_1","unstructured":"Bugzilla. Bug 471020 \u2014 Add X-Content-Type-Options: nosniff support to Firefox. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=471020.  Bugzilla. Bug 471020 \u2014 Add X-Content-Type-Options: nosniff support to Firefox. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=471020."},{"key":"e_1_3_2_1_27_1","unstructured":"Bugzilla. Bug 671389 \u2014 Implement CSP sandbox directive. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=671389.  Bugzilla. Bug 671389 \u2014 Implement CSP sandbox directive. https: \/\/bugzilla.mozilla.org\/show_bug.cgi?id=671389."},{"key":"e_1_3_2_1_28_1","volume-title":"ENISA","author":"De Ryck P.","year":"2011","unstructured":"P. De Ryck , L. Desmet , P. Philippaerts , and F. Piessens . A security analysis of next generation web standards. Technical report , ENISA , July 2011 . P. De Ryck, L. Desmet, P. Philippaerts, and F. Piessens. A security analysis of next generation web standards. Technical report, ENISA, July 2011."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516743"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881151.1881152"},{"key":"e_1_3_2_1_31_1","volume-title":"June","author":"Fielding R.","year":"1999","unstructured":"R. Fielding , J. Gettys , J. Mogul , H. Frystyk , L. Masinter , P. Leach , and T. Berners-Lee . Hypertext Transfer Protocol \u2013 HTTP\/1.1. RFC 2616 (Draft Standard) , June 1999 . R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. Hypertext Transfer Protocol \u2013 HTTP\/1.1. RFC 2616 (Draft Standard), June 1999."},{"key":"e_1_3_2_1_32_1","unstructured":"GitHub. BrowserAudit project. https:\/\/github.com\/browseraudit\/.  GitHub. BrowserAudit project. https:\/\/github.com\/browseraudit\/."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382276"},{"key":"e_1_3_2_1_34_1","volume-title":"Apr.","author":"Hickson I.","year":"2014","unstructured":"I. Hickson and D. Hyatt . HTML5: A vocabulary and associated APIs for HTML and XHTML. W3C Candidate Recommendation CR-HTML5-20140429 , Apr. 2014 . I. Hickson and D. Hyatt. HTML5: A vocabulary and associated APIs for HTML and XHTML. W3C Candidate Recommendation CR-HTML5-20140429, Apr. 2014."},{"key":"e_1_3_2_1_35_1","volume-title":"Nov.","author":"Hodges J.","year":"2012","unstructured":"J. Hodges , C. Jackson , and A. Barth . HTTP Strict Transport Security (HSTS). RFC 6797 (Proposed Standard) , Nov. 2012 . J. Hodges, C. Jackson, and A. Barth. HTTP Strict Transport Security (HSTS). RFC 6797 (Proposed Standard), Nov. 2012."},{"key":"e_1_3_2_1_36_1","first-page":"22","volume-title":"Proceedings of USENIX Security 2012","author":"Huang L.-S.","year":"2012","unstructured":"L.-S. Huang , A. Moshchuk , H. J. Wang , S. Schechter , and C. Jackson . Clickjacking: Attacks and Defenses . In Proceedings of USENIX Security 2012 , pages 22\u2013 22 , 2012 . L.-S. Huang, A. Moshchuk, H. J. Wang, S. Schechter, and C. Jackson. Clickjacking: Attacks and Defenses. In Proceedings of USENIX Security 2012, pages 22\u201322, 2012."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367569"},{"key":"e_1_3_2_1_38_1","first-page":"277","volume-title":"Encyclopedia of Cryptography and Security","author":"Kirda E.","unstructured":"E. Kirda . Cross Site Scripting Attacks . In Encyclopedia of Cryptography and Security , pages 275\u2013 277 . 2011. E. Kirda. Cross Site Scripting Attacks. In Encyclopedia of Cryptography and Security, pages 275\u2013277. 2011."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.16"},{"key":"e_1_3_2_1_40_1","unstructured":"MSDN Blogs. IE8 Security Part VI: Beta 2 Update. http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/09\/02\/ ie8-security-part-vi-beta-2-update.aspx.  MSDN Blogs. IE8 Security Part VI: Beta 2 Update. http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/09\/02\/ ie8-security-part-vi-beta-2-update.aspx."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2011.87"},{"key":"e_1_3_2_1_42_1","volume-title":"Oct.","author":"Ross D.","year":"2013","unstructured":"D. Ross and T. Gondrom . HTTP Header Field X-Frame-Options. RFC 7034 (Informational) , Oct. 2013 . D. Ross and T. Gondrom. HTTP Header Field X-Frame-Options. RFC 7034 (Informational), Oct. 2013."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of W2SP 2010","author":"Rydstedt G.","year":"2010","unstructured":"G. Rydstedt , E. Bursztein , D. Boneh , and C. Jackson . Busting Framebusting: a Study of Clickjacking Vulnerabilities at Popular Sites . In Proceedings of W2SP 2010 , 2010 . G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting Framebusting: a Study of Clickjacking Vulnerabilities at Popular Sites. In Proceedings of W2SP 2010, 2010."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.35"},{"key":"e_1_3_2_1_45_1","volume-title":"Content Security Policy 1.0","author":"Sterne B.","year":"2012","unstructured":"B. Sterne and A. Barth . Content Security Policy 1.0 . Nov. 2012 . W3C Candidate Recommendation CR-CSP- 20121115. B. Sterne and A. Barth. Content Security Policy 1.0. Nov. 2012. W3C Candidate Recommendation CR-CSP-20121115."},{"key":"e_1_3_2_1_46_1","volume-title":"Jan.","author":"Van Kesteren A.","year":"2014","unstructured":"A. Van Kesteren . Cross-origin Resource Sharing. W3C Recommendation REC-cors-20140116 , Jan. 2014 . A. Van Kesteren. Cross-origin Resource Sharing. W3C Recommendation REC-cors-20140116, Jan. 2014."},{"key":"e_1_3_2_1_47_1","volume-title":"Browser Security Handbook","author":"Zalewski M.","year":"2010","unstructured":"M. Zalewski . Browser Security Handbook , 2010 . M. Zalewski. Browser Security Handbook, 2010."},{"key":"e_1_3_2_1_48_1","volume-title":"No Starch Press","author":"Zalewski M.","year":"2012","unstructured":"M. Zalewski . The Tangled Web: A Guide to Securing Modern Web Applications . No Starch Press , 2012 . M. Zalewski. The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press, 2012."}],"event":{"name":"ISSTA '15: International Symposium on Software Testing and Analysis","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","SIGPLAN ACM Special Interest Group on Programming Languages"],"location":"Baltimore MD USA","acronym":"ISSTA '15"},"container-title":["Proceedings of the 2015 International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2771783.2771789","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2771783.2771789","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:56:13Z","timestamp":1750272973000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2771783.2771789"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7,13]]},"references-count":48,"alternative-id":["10.1145\/2771783.2771789","10.1145\/2771783"],"URL":"https:\/\/doi.org\/10.1145\/2771783.2771789","relation":{},"subject":[],"published":{"date-parts":[[2015,7,13]]},"assertion":[{"value":"2015-07-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}