{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T00:49:17Z","timestamp":1775868557290,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,8,21]],"date-time":"2017-08-21T00:00:00Z","timestamp":1503273600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001866","name":"Fonds National de la Recherche Luxembourg","doi-asserted-by":"publisher","award":["FNR9132112, INTER\/DFG\/14\/11092585, FNR\/P10\/03"],"award-info":[{"award-number":["FNR9132112, INTER\/DFG\/14\/11092585, FNR\/P10\/03"]}],"id":[{"id":"10.13039\/501100001866","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,8,21]]},"DOI":"10.1145\/3106237.3122822","type":"proceedings-article","created":{"date-parts":[[2017,8,2]],"date-time":"2017-08-02T19:36:18Z","timestamp":1501702578000},"page":"1004-1008","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["JoanAudit: a tool for auditing common injection vulnerabilities"],"prefix":"10.1145","author":[{"given":"Julian","family":"Thom\u00e9","sequence":"first","affiliation":[{"name":"University of Luxembourg, Luxembourg"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lwin Khin","family":"Shar","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Domenico","family":"Bianculli","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lionel C.","family":"Briand","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,8,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2013.28"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.130"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"e_1_3_2_1_5_1","unstructured":"Stephen Cass. 2016. The 2016 Top Programming Languages. http:\/\/spectrum. ieee.org\/computing\/software\/the-2016-top-programming-languages. (2016).  Stephen Cass. 2016. The 2016 Top Programming Languages. http:\/\/spectrum. ieee.org\/computing\/software\/the-2016-top-programming-languages. (2016)."},{"key":"e_1_3_2_1_7_1","volume-title":"Luke Daley Deboer, and Rene Gr\u00f6schke","author":"Dockter Adam Hans","year":"2017","unstructured":"Adam Hans Dockter , Szczepan Murdoch , Peter Faber , Daz Niederwieser , Luke Daley Deboer, and Rene Gr\u00f6schke . 2017 . The Gradle Build Tool . https:\/\/gradle. org. (2017). Adam Hans Dockter, Szczepan Murdoch, Peter Faber, Daz Niederwieser, Luke Daley Deboer, and Rene Gr\u00f6schke. 2017. The Gradle Build Tool. https:\/\/gradle. org. (2017)."},{"key":"e_1_3_2_1_8_1","unstructured":"Apache Software Foundation. 2017. The Apache Maven Project. https:\/\/maven. apache.org\/. (2017).  Apache Software Foundation. 2017. The Apache Maven Project. https:\/\/maven. apache.org\/. (2017)."},{"key":"e_1_3_2_1_9_1","unstructured":"J\u00fcrgen Graf Martin Mohr Martin Hecker Simon Bischof and Tobias Blaschke. 2017.  J\u00fcrgen Graf Martin Mohr Martin Hecker Simon Bischof and Tobias Blaschke. 2017."},{"key":"e_1_3_2_1_10_1","unstructured":"Joana - Information Flow Control for Java. https:\/\/github.com\/ joana-team\/joana. (2017).  Joana - Information Flow Control for Java. https:\/\/github.com\/ joana-team\/joana. (2017)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70748"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/77606.77608"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1052883.1052895"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54804-8_10"},{"key":"e_1_3_2_1_16_1","unstructured":"IBM. 2017. T. J. Watson Libraries for Analysis (WALA). http:\/\/wala. sourceforge.net. (2017).  IBM. 2017. T. J. Watson Libraries for Analysis (WALA). http:\/\/wala. sourceforge.net. (2017)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931042"},{"key":"e_1_3_2_1_18_1","unstructured":"ACM New York NY USA 12\u201323.  ACM New York NY USA 12\u201323."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31984-9_20"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2012.39"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635878"},{"key":"e_1_3_2_1_24_1","unstructured":"Lightbend and Zengularity. 2017. The Play Framework. https:\/\/www. playframework.com\/. (2017).  Lightbend and Zengularity. 2017. The Play Framework. https:\/\/www. playframework.com\/. (2017)."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of USENIX Security","author":"Benjamin Livshits V.","year":"2005","unstructured":"V. Benjamin Livshits and Monica S. Lam . 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis . In Proceedings of USENIX Security 2005 . V. Benjamin Livshits and Monica S. Lam. 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis. In Proceedings of USENIX Security 2005."},{"key":"e_1_3_2_1_26_1","unstructured":"USENIX Association Berkeley CA USA 18\u201318.  USENIX Association Berkeley CA USA 18\u201318."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04519-1_10"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931041"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/800020.808263"},{"key":"e_1_3_2_1_30_1","unstructured":"OWASP. 2017. OWASP Top 10. https:\/\/www.owasp.org\/index.php\/ Category:OWASP_Top_Ten_Project. (2017).  OWASP. 2017. OWASP Top 10. https:\/\/www.owasp.org\/index.php\/ Category:OWASP_Top_Ten_Project. (2017)."},{"key":"e_1_3_2_1_31_1","unstructured":"OWASP. 2017. Static Code Analysis. https:\/\/www.owasp.org\/index.php\/ Static_Code_Analysis. (2017).  OWASP. 2017. Static Code Analysis. https:\/\/www.owasp.org\/index.php\/ Static_Code_Analysis. (2017)."},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of WebApps","author":"Papagiannis Ioannis","year":"2011","unstructured":"Ioannis Papagiannis , Matteo Migliavacca , and Peter Pietzuch . 2011 . PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks . In Proceedings of WebApps 2011. USENIX Association, Berkeley, CA, USA, 2\u20132. Ioannis Papagiannis, Matteo Migliavacca, and Peter Pietzuch. 2011. PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks. In Proceedings of WebApps 2011. USENIX Association, Berkeley, CA, USA, 2\u20132."},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of FutureTech","author":"P\u00e9rez Pablo Mart\u00edn","year":"2011","unstructured":"Pablo Mart\u00edn P\u00e9rez , Joanna Filipiak , and Jos\u00e9 Mar\u00eda Sierra . 2011. LAPSE+ Static Analysis Security Software : Vulnerabilities Detection in Java EE Applications . In Proceedings of FutureTech 2011 . Springer , Berlin, Heidelberg , 148\u2013156. Pablo Mart\u00edn P\u00e9rez, Joanna Filipiak, and Jos\u00e9 Mar\u00eda Sierra. 2011. LAPSE+ Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications. In Proceedings of FutureTech 2011. Springer, Berlin, Heidelberg, 148\u2013156."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2013.08.007"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.83"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2012.31"},{"key":"e_1_3_2_1_37_1","unstructured":"SpringSource. 2017. The Spring Framework. https:\/\/spring.io\/. (2017).  SpringSource. 2017. The Spring Framework. https:\/\/spring.io\/. (2017)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-53703-5_8"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2593833.2593835"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.26"},{"key":"e_1_3_2_1_42_1","volume-title":"Domenico Bianculli, and Lionel C. Briand.","author":"Thom\u00e9 Julian","year":"2017","unstructured":"Julian Thom\u00e9 , Lwin Khin Shar , Domenico Bianculli, and Lionel C. Briand. 2017 . Security slicing for auditing common injection vulnerabilities. (2017). Julian Thom\u00e9, Lwin Khin Shar, Domenico Bianculli, and Lionel C. Briand. 2017. Security slicing for auditing common injection vulnerabilities. (2017)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2015.7381847"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37057-1_15"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of CASCON","author":"Vall\u00e9e-Rai Raja","year":"1999","unstructured":"Raja Vall\u00e9e-Rai , Phong Co , Etienne Gagnon , Laurie J. Hendren , Patrick Lam , and Vijay Sundaresan . 1999 . Soot - a Java bytecode optimization framework . In Proceedings of CASCON 1999. IBM, Indianapolis, Indiana, USA, 13. Raja Vall\u00e9e-Rai, Phong Co, Etienne Gagnon, Laurie J. Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot - a Java bytecode optimization framework. In Proceedings of CASCON 1999. IBM, Indianapolis, Indiana, USA, 13."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2629536"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12002-2_13"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486874"}],"event":{"name":"ESEC\/FSE'17: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering","location":"Paderborn Germany","acronym":"ESEC\/FSE'17","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106237.3122822","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3106237.3122822","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:17Z","timestamp":1750217417000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106237.3122822"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,8,21]]},"references-count":48,"alternative-id":["10.1145\/3106237.3122822","10.1145\/3106237"],"URL":"https:\/\/doi.org\/10.1145\/3106237.3122822","relation":{},"subject":[],"published":{"date-parts":[[2017,8,21]]},"assertion":[{"value":"2017-08-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}