{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:14:41Z","timestamp":1750306481259,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,12,11]],"date-time":"2015-12-11T00:00:00Z","timestamp":1449792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,12,11]]},"DOI":"10.1145\/2837185.2837195","type":"proceedings-article","created":{"date-parts":[[2016,4,7]],"date-time":"2016-04-07T22:22:33Z","timestamp":1460067753000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["WordPress security"],"prefix":"10.1145","author":[{"given":"Hannes","family":"Trunde","sequence":"first","affiliation":[{"name":"University of Applied Sciences Technikum Wien, Vienna, Austria"}]},{"given":"Edgar","family":"Weippl","sequence":"additional","affiliation":[{"name":"SBA Research, Vienna, Austria"}]}],"member":"320","published-online":{"date-parts":[[2015,12,11]]},"reference":[{"volume-title":"Available: https:\/\/wordpress.org\/plugins\/. [Accessed","year":"2015","key":"e_1_3_2_1_1_1","unstructured":"WordPress.org, \"Plugin Directory,\" [Online]. Available: https:\/\/wordpress.org\/plugins\/. [Accessed 20 April 2015 ]. WordPress.org, \"Plugin Directory,\" [Online]. Available: https:\/\/wordpress.org\/plugins\/. [Accessed 20 April 2015]."},{"volume-title":"Available: http:\/\/w3techs.com\/technologies\/overview\/content_management\/all\/. [Accessed","year":"2015","key":"e_1_3_2_1_2_1","unstructured":"W3Techs, \"Usage of content management systems for websites,\" [Online]. Available: http:\/\/w3techs.com\/technologies\/overview\/content_management\/all\/. [Accessed 20 April 2015 ]. W3Techs, \"Usage of content management systems for websites,\" [Online]. Available: http:\/\/w3techs.com\/technologies\/overview\/content_management\/all\/. [Accessed 20 April 2015]."},{"volume-title":"Available: http:\/\/www.heise.de\/security\/meldung\/WordPress-Plug-in-Slimstat-gefaehrdet-Server-2559516.html. [Accessed","year":"2015","key":"e_1_3_2_1_3_1","unstructured":"heise Security, \"WordPress-Plug-in Slimstat gef\u00e4hrdet Server,\" 25 Februar 2015. [Online]. Available: http:\/\/www.heise.de\/security\/meldung\/WordPress-Plug-in-Slimstat-gefaehrdet-Server-2559516.html. [Accessed 20 April 2015 ]. heise Security, \"WordPress-Plug-in Slimstat gef\u00e4hrdet Server,\" 25 Februar 2015. [Online]. Available: http:\/\/www.heise.de\/security\/meldung\/WordPress-Plug-in-Slimstat-gefaehrdet-Server-2559516.html. [Accessed 20 April 2015]."},{"volume-title":"Available: http:\/\/www.heise.de\/security\/meldung\/Heikle-Sicherheitsluecke-in-WordPress-Plug-in-FancyBox-2542690.html. [Accessed","year":"2015","key":"e_1_3_2_1_4_1","unstructured":"heise Security, \"Heikle Sicherheitsl\u00fccke in WordPress-Plug-in FancyBox,\" 6 Februar 2015. [Online]. Available: http:\/\/www.heise.de\/security\/meldung\/Heikle-Sicherheitsluecke-in-WordPress-Plug-in-FancyBox-2542690.html. [Accessed 20 April 2015 ]. heise Security, \"Heikle Sicherheitsl\u00fccke in WordPress-Plug-in FancyBox,\" 6 Februar 2015. [Online]. Available: http:\/\/www.heise.de\/security\/meldung\/Heikle-Sicherheitsluecke-in-WordPress-Plug-in-FancyBox-2542690.html. [Accessed 20 April 2015]."},{"volume-title":"Available: http:\/\/www.imperva.com\/docs\/HII_Web_Application_Attack_Report_Ed5.pdf. [Accessed","year":"2015","key":"e_1_3_2_1_5_1","unstructured":"Imperva, \"Web Application Attack Report (WAAR) - October 2014,\" [Online]. Available: http:\/\/www.imperva.com\/docs\/HII_Web_Application_Attack_Report_Ed5.pdf. [Accessed 20 April 2015 ]. Imperva, \"Web Application Attack Report (WAAR) - October 2014,\" [Online]. Available: http:\/\/www.imperva.com\/docs\/HII_Web_Application_Attack_Report_Ed5.pdf. [Accessed 20 April 2015]."},{"volume-title":"Available: http:\/\/www.verizonenterprise.com\/DBIR\/2014\/reports\/rp_Verizon-DBIR-2014_en_xg.pdf. [Accessed","year":"2015","key":"e_1_3_2_1_6_1","unstructured":"Verizon Enterprise Solutions, \"Verizon Data Breach Investigations Report 2014,\" [Online]. Available: http:\/\/www.verizonenterprise.com\/DBIR\/2014\/reports\/rp_Verizon-DBIR-2014_en_xg.pdf. [Accessed 20 April 2015 ]. Verizon Enterprise Solutions, \"Verizon Data Breach Investigations Report 2014,\" [Online]. Available: http:\/\/www.verizonenterprise.com\/DBIR\/2014\/reports\/rp_Verizon-DBIR-2014_en_xg.pdf. [Accessed 20 April 2015]."},{"key":"e_1_3_2_1_7_1","volume-title":"Available: http:\/\/www-03.ibm.com\/security\/xforce\/downloads.html. [Accessed","author":"Force IBM","year":"2015","unstructured":"IBM X- Force , \" IBM X- Force Threat Intelligence Quarterly - 1 Q 2015,\" [Online]. Available: http:\/\/www-03.ibm.com\/security\/xforce\/downloads.html. [Accessed 9 April 2015 ]. IBM X-Force, \"IBM X-Force Threat Intelligence Quarterly - 1Q 2015,\" [Online]. Available: http:\/\/www-03.ibm.com\/security\/xforce\/downloads.html. [Accessed 9 April 2015]."},{"volume-title":"Available: https:\/\/www.exploit-db.com\/. [Accessed","year":"2015","key":"e_1_3_2_1_8_1","unstructured":"Offensive Security, \"Offensive Security Exploit Database Archive,\" [Online]. Available: https:\/\/www.exploit-db.com\/. [Accessed 20 April 2015 ]. Offensive Security, \"Offensive Security Exploit Database Archive,\" [Online]. Available: https:\/\/www.exploit-db.com\/. [Accessed 20 April 2015]."},{"volume-title":"Available: http:\/\/packetstormsecurity.com\/files\/tags\/exploit\/. [Accessed","year":"2015","key":"e_1_3_2_1_9_1","unstructured":"Packet Strom, \"Packet Storm Exploit Files,\" [Online]. Available: http:\/\/packetstormsecurity.com\/files\/tags\/exploit\/. [Accessed 20 April 2015 ]. Packet Strom, \"Packet Storm Exploit Files,\" [Online]. Available: http:\/\/packetstormsecurity.com\/files\/tags\/exploit\/. [Accessed 20 April 2015]."},{"key":"e_1_3_2_1_10_1","volume-title":"The Web Attacker Perspective -- A Field Study,\" in Proceedings of the 2010 IEEE 21st International Symposium on Software Reliability Engineering","author":"Fonseca J.","year":"2010","unstructured":"J. Fonseca , M. Vieira and H. Madeira , \" The Web Attacker Perspective -- A Field Study,\" in Proceedings of the 2010 IEEE 21st International Symposium on Software Reliability Engineering , 2010 . J. Fonseca, M. Vieira and H. Madeira, \"The Web Attacker Perspective -- A Field Study,\" in Proceedings of the 2010 IEEE 21st International Symposium on Software Reliability Engineering, 2010."},{"key":"e_1_3_2_1_11_1","volume-title":"A Practical Experience on the Impact of Plugins in Web Security,\" in IEEE 33rd International Symposium on Reliable Distributed Systems","author":"Fonseca J.","year":"2014","unstructured":"J. Fonseca and M. Vieira , \" A Practical Experience on the Impact of Plugins in Web Security,\" in IEEE 33rd International Symposium on Reliable Distributed Systems , 2014 . J. Fonseca and M. Vieira, \"A Practical Experience on the Impact of Plugins in Web Security,\" in IEEE 33rd International Symposium on Reliable Distributed Systems, 2014."},{"key":"e_1_3_2_1_12_1","volume-title":"Quo vadis? a study of the evolution of input validation vulnerabilities in web applications,\" in Proceedings of the 15th international conference on Financial Cryptography and Data Security","author":"Scholte T.","year":"2011","unstructured":"T. Scholte , D. Balzarotti and E. Kirda , \" Quo vadis? a study of the evolution of input validation vulnerabilities in web applications,\" in Proceedings of the 15th international conference on Financial Cryptography and Data Security , 2011 . T. Scholte, D. Balzarotti and E. Kirda, \"Quo vadis? a study of the evolution of input validation vulnerabilities in web applications,\" in Proceedings of the 15th international conference on Financial Cryptography and Data Security, 2011."},{"key":"e_1_3_2_1_13_1","volume-title":"State of the Art: Automated Black-BoxWeb Application Vulnerability Testing,\" in IEEE Symposium on Security and Privacy","author":"Bau J.","year":"2010","unstructured":"J. Bau , E. Bursztein , D. Gupta and J. Mitchell , \" State of the Art: Automated Black-BoxWeb Application Vulnerability Testing,\" in IEEE Symposium on Security and Privacy , 2010 . J. Bau, E. Bursztein, D. Gupta and J. Mitchell, \"State of the Art: Automated Black-BoxWeb Application Vulnerability Testing,\" in IEEE Symposium on Security and Privacy, 2010."},{"key":"e_1_3_2_1_14_1","first-page":"111","volume-title":"Berlin Heidelberg","author":"Doup\u00e9 A.","year":"2010","unstructured":"A. Doup\u00e9 , M. Cova and G. Vigna , \" Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners,\" in Detection of Intrusions and Malware, and Vulnerability Assessment , Berlin Heidelberg , Springer , 2010 , pp. 111 -- 131 . A. Doup\u00e9, M. Cova and G. Vigna, \"Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners,\" in Detection of Intrusions and Malware, and Vulnerability Assessment, Berlin Heidelberg, Springer, 2010, pp. 111--131."},{"key":"e_1_3_2_1_15_1","volume-title":"A Classification of SQL Injection Attacks and Countermeasures,\" in Proceedings of the IEEE International Symposium on Secure Software Engineering","author":"Halfond W. G.","year":"2006","unstructured":"W. G. Halfond , J. Viegas and A. Orso , \" A Classification of SQL Injection Attacks and Countermeasures,\" in Proceedings of the IEEE International Symposium on Secure Software Engineering , 2006 . W. G. Halfond, J. Viegas and A. Orso, \"A Classification of SQL Injection Attacks and Countermeasures,\" in Proceedings of the IEEE International Symposium on Secure Software Engineering, 2006."},{"key":"e_1_3_2_1_16_1","volume-title":"Jaipur","author":"Gupta M. K.","year":"2014","unstructured":"M. K. Gupta , M. Govil and G. Singh , \" Static Analysis Approaches to Detect SQL Injection and Cross Site Scripting Vulnerabilities in Web Applications: A Survey,\" in IEEE International Conference on Recent Advances and Innovations in Engineering , Jaipur , India , 2014 . M. K. Gupta, M. Govil and G. Singh, \"Static Analysis Approaches to Detect SQL Injection and Cross Site Scripting Vulnerabilities in Web Applications: A Survey,\" in IEEE International Conference on Recent Advances and Innovations in Engineering, Jaipur, India, 2014."},{"key":"e_1_3_2_1_17_1","volume-title":"Fortaleza","author":"Kemalis K.","year":"2008","unstructured":"K. Kemalis and T. Tzouramanis , \" SQL-IDS: A Specification-based Approach for SQL injection Detection,\" in Proceedings of the 2008 ACM symposium on Applied computing (SAC '08) , Fortaleza , Cear\u00e1, Brazil , 2008 . K. Kemalis and T. Tzouramanis, \"SQL-IDS: A Specification-based Approach for SQL injection Detection,\" in Proceedings of the 2008 ACM symposium on Applied computing (SAC '08), Fortaleza, Cear\u00e1, Brazil, 2008."},{"key":"e_1_3_2_1_18_1","volume-title":"New Generations","author":"Junjin M.","year":"2009","unstructured":"M. Junjin , \"An approach for SQL injection vulnerability detection,\" in Sixth International Conference on Information Technology : New Generations , 2009 . M. Junjin, \"An approach for SQL injection vulnerability detection,\" in Sixth International Conference on Information Technology: New Generations, 2009."},{"key":"e_1_3_2_1_19_1","volume-title":"Long Beach","author":"Halfond W. G.","year":"2005","unstructured":"W. G. Halfond and A. Orso , \" AMNESIA: Analysis and monitoring for neutralizing SQL injection attacks,\" in 20th IEEE\/ACM International Conference on Automated Software Engineering , Long Beach , California, USA , 2005 . W. G. Halfond and A. Orso, \"AMNESIA: Analysis and monitoring for neutralizing SQL injection attacks,\" in 20th IEEE\/ACM International Conference on Automated Software Engineering, Long Beach, California, USA, 2005."},{"issue":"11","key":"e_1_3_2_1_20_1","volume":"34","author":"Csallner C.","unstructured":"C. Csallner and Y. Smaragdakis , \"JCrasher: an automatic robustness tester for Java,\" in Journal Software-Practice & Experience Volume 34 Issue 11 , New York, NY, USA, 2004. C. Csallner and Y. Smaragdakis, \"JCrasher: an automatic robustness tester for Java,\" in Journal Software-Practice & Experience Volume 34 Issue 11, New York, NY, USA, 2004.","journal-title":"\"JCrasher: an automatic robustness tester for Java,\" in Journal Software-Practice & Experience"},{"key":"e_1_3_2_1_21_1","volume-title":"SQLrand: Preventing SQL Injection Attacks,\" in Proceedings of the 2nd Applied Cryptography and Network Security (ACNS '04) Conference","author":"Boyd S.","year":"2004","unstructured":"S. Boyd and A. Keromytis , \" SQLrand: Preventing SQL Injection Attacks,\" in Proceedings of the 2nd Applied Cryptography and Network Security (ACNS '04) Conference , 2004 . S. Boyd and A. Keromytis, \"SQLrand: Preventing SQL Injection Attacks,\" in Proceedings of the 2nd Applied Cryptography and Network Security (ACNS '04) Conference, 2004."},{"key":"e_1_3_2_1_22_1","volume-title":"SQL DOM: compile time checking of dynamic SQL statements,\" in 27th International Conference on Software Engineering (ICSE","author":"McClure R.","year":"2005","unstructured":"R. McClure and I. Kruger , \" SQL DOM: compile time checking of dynamic SQL statements,\" in 27th International Conference on Software Engineering (ICSE 2005 ), 2005. R. McClure and I. Kruger, \"SQL DOM: compile time checking of dynamic SQL statements,\" in 27th International Conference on Software Engineering (ICSE 2005), 2005."},{"key":"e_1_3_2_1_23_1","volume-title":"Securing web application code by static analysis and runtime protection,\" in 13th international conference on World Wide Web","author":"Huang Y.-W.","year":"2004","unstructured":"Y.-W. Huang , F. Yu , C. Hang , C.-H. Tsai and D. T. Lee , \" Securing web application code by static analysis and runtime protection,\" in 13th international conference on World Wide Web , 2004 . Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai and D. T. Lee, \"Securing web application code by static analysis and runtime protection,\" in 13th international conference on World Wide Web, 2004."},{"key":"e_1_3_2_1_24_1","volume-title":"Lissabon","author":"Buehrer G. T.","year":"2005","unstructured":"G. T. Buehrer , B. W. Weide and P. A. G. Sivilotti , \"Using parse tree validation to prevent SQL injection attacks,\" in International Workshop on Software Engineering and Middleware , Lissabon , Portugal , 2005 . G. T. Buehrer, B. W. Weide and P. A. G. Sivilotti, \"Using parse tree validation to prevent SQL injection attacks,\" in International Workshop on Software Engineering and Middleware, Lissabon, Portugal, 2005."},{"key":"e_1_3_2_1_25_1","volume-title":"Alexandria","author":"Bandhakavi S.","year":"2007","unstructured":"S. Bandhakavi , P. Bisht , P. Madhusudan and V. N. Venkatakrishnan , \" CANDID: Preventing SQL injection attacks using dynamic candidate evaluations,\" in ACM Conference on Computer and Communications Security (CCS) , Alexandria , Virginia, USA , 2007 . S. Bandhakavi, P. Bisht, P. Madhusudan and V. N. Venkatakrishnan, \"CANDID: Preventing SQL injection attacks using dynamic candidate evaluations,\" in ACM Conference on Computer and Communications Security (CCS), Alexandria, Virginia, USA, 2007."},{"issue":"4","key":"e_1_3_2_1_26_1","volume":"38","author":"Ali S.","year":"2009","unstructured":"S. Ali , S. K. Shahzad and H. Javed , \"SQLIPA: An Authentication Mechanism Against SQL Injection,\" in European Journal of Scientific Research , Vol. 38 , No. 4 , 2009 . S. Ali, S. K. Shahzad and H. Javed, \"SQLIPA: An Authentication Mechanism Against SQL Injection,\" in European Journal of Scientific Research, Vol. 38, No. 4, 2009.","journal-title":"\"SQLIPA: An Authentication Mechanism Against SQL Injection,\" in European Journal of Scientific Research"},{"key":"e_1_3_2_1_27_1","volume-title":"Charleston","author":"Su Z.","year":"2006","unstructured":"Z. Su and G. Wassermann , \" The essence of command injection attacks in web applications,\" in Symposium on Principles of Programming Languages , Charleston , South Carolina, USA , 2006 . Z. Su and G. Wassermann, \"The essence of command injection attacks in web applications,\" in Symposium on Principles of Programming Languages, Charleston, South Carolina, USA, 2006."},{"key":"e_1_3_2_1_28_1","first-page":"313","volume-title":"DIWeDa - Detecting Intrusions in Web Databases,\" in Data and Applications Security XXII","author":"Roichman A.","year":"2008","unstructured":"A. Roichman and E. Gudes , \" DIWeDa - Detecting Intrusions in Web Databases,\" in Data and Applications Security XXII , London, UK , Springer , 2008 , pp. 313 -- 329 . A. Roichman and E. Gudes, \"DIWeDa - Detecting Intrusions in Web Databases,\" in Data and Applications Security XXII, London, UK, Springer, 2008, pp. 313--329."},{"key":"e_1_3_2_1_29_1","volume-title":"Enemy of the state: a state-aware black-box web vulnerability scanner,\" in Proceedings of the 21st USENIX conference on Security symposium","author":"Doup\u00e9 A.","year":"2012","unstructured":"A. Doup\u00e9 , L. Cavedon , C. Kruegel and G. Vigna , \" Enemy of the state: a state-aware black-box web vulnerability scanner,\" in Proceedings of the 21st USENIX conference on Security symposium , 2012 . A. Doup\u00e9, L. Cavedon, C. Kruegel and G. Vigna, \"Enemy of the state: a state-aware black-box web vulnerability scanner,\" in Proceedings of the 21st USENIX conference on Security symposium, 2012."},{"key":"e_1_3_2_1_30_1","first-page":"32","volume-title":"Web Application Security Assessment Tools,\" Security & Privacy","author":"Curphey M.","year":"2006","unstructured":"M. Curphey and R. Araujo , \" Web Application Security Assessment Tools,\" Security & Privacy , IEEE (Volume: 4, Issue : 4), pp. 32 -- 41 , 2006 . M. Curphey and R. Araujo, \"Web Application Security Assessment Tools,\" Security & Privacy, IEEE (Volume: 4, Issue: 4), pp. 32--41, 2006."},{"key":"e_1_3_2_1_31_1","unstructured":"L. Suto \"Analyzing the Accuracy and Time Costs of Web Application Security Scanners \" Februar 2010. [Online]. Available: http:\/\/www.beyondtrust.com\/Content\/whitepapers\/Analyzing-the-Accuracy-and-Time-Costs-of-Web-Application-Security-Scanners.pdf. [Accessed 05 05 2015].  L. Suto \"Analyzing the Accuracy and Time Costs of Web Application Security Scanners \" Februar 2010. [Online]. Available: http:\/\/www.beyondtrust.com\/Content\/whitepapers\/Analyzing-the-Accuracy-and-Time-Costs-of-Web-Application-Security-Scanners.pdf. [Accessed 05 05 2015]."},{"key":"e_1_3_2_1_32_1","volume-title":"DSN '09. IEEE\/IFIP International Conference","author":"Vieira M.","year":"2009","unstructured":"M. Vieira , N. Antunes and H. Madeira , \" Using Web Security Scanners to Detect Vulnerabilities in Web Services,\" in Dependable Systems & Networks, 2009 . DSN '09. IEEE\/IFIP International Conference , 2009 . M. Vieira, N. Antunes and H. Madeira, \"Using Web Security Scanners to Detect Vulnerabilities in Web Services,\" in Dependable Systems & Networks, 2009. DSN '09. IEEE\/IFIP International Conference, 2009."},{"key":"e_1_3_2_1_33_1","volume-title":"Innovative Attacks, and Remedies,\" in International Journal of Communication Networks & Information Security","author":"Kindy D. A.","year":"2013","unstructured":"D. A. Kindy and A.-S. K. Pathan , \" A Detailed Survey on Various Aspects of SQL Injection in Web Applications : Vulnerabilities , Innovative Attacks, and Remedies,\" in International Journal of Communication Networks & Information Security , 2013 . D. A. Kindy and A.-S. K. Pathan, \"A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies,\" in International Journal of Communication Networks & Information Security, 2013."},{"key":"e_1_3_2_1_34_1","volume-title":"Security, Risk, and Trust, and IEEE International Conference on Social Computing","author":"Khoury N.","year":"2011","unstructured":"N. Khoury , P. Zavarsky , D. Lindskog and R. Ruhl , \" An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection,\" in IEEE International Conference on Privacy , Security, Risk, and Trust, and IEEE International Conference on Social Computing , 2011 . N. Khoury, P. Zavarsky, D. Lindskog and R. Ruhl, \"An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection,\" in IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE International Conference on Social Computing, 2011."},{"volume-title":"Available: https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10. [Accessed","year":"2015","key":"e_1_3_2_1_35_1","unstructured":"Open Web Application Security Project (OWASP), \"2013 Top Ten List,\" [Online]. Available: https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10. [Accessed 20 April 2015 ]. Open Web Application Security Project (OWASP), \"2013 Top Ten List,\" [Online]. Available: https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10. [Accessed 20 April 2015]."},{"key":"e_1_3_2_1_36_1","volume-title":"Available: https:\/\/github.com\/tannerm\/wp_archive. [Accessed","author":"Archive WP","year":"2015","unstructured":"\" WP Archive ,\" [Online]. Available: https:\/\/github.com\/tannerm\/wp_archive. [Accessed 20 April 2015 ]. \"WP Archive,\" [Online]. Available: https:\/\/github.com\/tannerm\/wp_archive. [Accessed 20 April 2015]."},{"volume-title":"Available: https:\/\/github.com\/Varying-Vagrant-Vagrants\/VVV\/. [Accessed","year":"2015","key":"e_1_3_2_1_37_1","unstructured":"\"Varying Vagrant Vagrants,\" [Online]. Available: https:\/\/github.com\/Varying-Vagrant-Vagrants\/VVV\/. [Accessed 20 April 2015 ]. \"Varying Vagrant Vagrants,\" [Online]. Available: https:\/\/github.com\/Varying-Vagrant-Vagrants\/VVV\/. [Accessed 20 April 2015]."},{"key":"e_1_3_2_1_38_1","volume-title":"Available: https:\/\/www.kali.org\/. [Accessed","author":"Flexible Penetration Testing Platform A","year":"2015","unstructured":"Kali Linux, \"Kali Linux - A Flexible Penetration Testing Platform ,\" [Online]. Available: https:\/\/www.kali.org\/. [Accessed 20 April 2015 ]. Kali Linux, \"Kali Linux - A Flexible Penetration Testing Platform,\" [Online]. Available: https:\/\/www.kali.org\/. [Accessed 20 April 2015]."},{"key":"e_1_3_2_1_39_1","volume-title":"USA","author":"Finifter M.","year":"2011","unstructured":"M. Finifter and D. Wagner , \" Exploring the Relationship Between Web Application Development Tools and Security,\" in Proceedings of the 2nd USENIX conference on Web application development, Berkeley, CA , USA , 2011 . M. Finifter and D. Wagner, \"Exploring the Relationship Between Web Application Development Tools and Security,\" in Proceedings of the 2nd USENIX conference on Web application development, Berkeley, CA, USA, 2011."}],"event":{"name":"iiWAS '15: The 17th International Conference on Information Integration and Web-based Application & Services","acronym":"iiWAS '15","location":"Brussels Belgium"},"container-title":["Proceedings of the 17th International Conference on Information Integration and Web-based Applications &amp; Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2837185.2837195","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2837185.2837195","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:21Z","timestamp":1750225701000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2837185.2837195"}},"subtitle":["an analysis based on publicly available exploits"],"short-title":[],"issued":{"date-parts":[[2015,12,11]]},"references-count":39,"alternative-id":["10.1145\/2837185.2837195","10.1145\/2837185"],"URL":"https:\/\/doi.org\/10.1145\/2837185.2837195","relation":{},"subject":[],"published":{"date-parts":[[2015,12,11]]},"assertion":[{"value":"2015-12-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}