{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T16:34:45Z","timestamp":1777566885327,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3140549.3140559","type":"proceedings-article","created":{"date-parts":[[2017,10,31]],"date-time":"2017-10-31T12:31:37Z","timestamp":1509453097000},"page":"17-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["WebMTD"],"prefix":"10.1145","author":[{"given":"Amirreza","family":"Niakanlahiji","sequence":"first","affiliation":[{"name":"University of North Carolina, Charlotte, Charlotte, NC, USA"}]},{"given":"Jafar Haadi","family":"Jafarian","sequence":"additional","affiliation":[{"name":"University of Colorado Denver, Denver, CO, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Akamai 2017. akamai's [state of the internet] - Q3 2016 report. https:\/\/www.akamai.com\/us\/en\/multimedia\/documents\/state-of-the-internet\/q3-2016-state-of-the-internet-connectivity-report.pdf. (2017).  Akamai 2017. akamai's [state of the internet] - Q3 2016 report. https:\/\/www.akamai.com\/us\/en\/multimedia\/documents\/state-of-the-internet\/q3-2016-state-of-the-internet-connectivity-report.pdf. (2017)."},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings of the 2010 USENIX conference on Web application development. USENIX Association, 13--13","author":"Athanasopoulos Elias","year":"2010","unstructured":"Elias Athanasopoulos , Vasilis Pappas , Antonis Krithinakis , Spyros Ligouras , Evangelos P. Markatos , and Thomas Karagiannis . 2010 . xJS: practical XSS prevention for web application development . In Proceedings of the 2010 USENIX conference on Web application development. USENIX Association, 13--13 . Elias Athanasopoulos, Vasilis Pappas, Antonis Krithinakis, Spyros Ligouras, Evangelos P. Markatos, and Thomas Karagiannis. 2010. xJS: practical XSS prevention for web application development. In Proceedings of the 2010 USENIX conference on Web application development. USENIX Association, 13--13."},{"key":"e_1_3_2_1_3_1","unstructured":"Ron Ausbrooks Stephen Buswell David Carlisle St\u00e9phane Dalmas Stan Devitt Angel Diaz Max Froumentin Roger Hunter Patrick Ion Michael Kohlhase etal 2003. Mathematical markup language (MathML) version 2.0 . W3C Recommendation. World Wide Web Consortium Vol. 2003 (2003).  Ron Ausbrooks Stephen Buswell David Carlisle St\u00e9phane Dalmas Stan Devitt Angel Diaz Max Froumentin Roger Hunter Patrick Ion Michael Kohlhase et al. 2003. Mathematical markup language (MathML) version 2.0 . W3C Recommendation. World Wide Web Consortium Vol. 2003 (2003)."},{"key":"e_1_3_2_1_4_1","unstructured":"binishala. 2016. amazon.com Security Vulnerability. https:\/\/www.openbugbounty.org\/incidents\/152371\/. (2016).  binishala. 2016. amazon.com Security Vulnerability. https:\/\/www.openbugbounty.org\/incidents\/152371\/. (2016)."},{"key":"e_1_3_2_1_5_1","unstructured":"Matt Bishop Michael Dilger etal 1996. Checking for race conditions in file accesses. Computing systems Vol. 2 2 (1996) 131--152.  Matt Bishop Michael Dilger et al. 1996. Checking for race conditions in file accesses. Computing systems Vol. 2 2 (1996) 131--152."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_3_2_1_7_1","unstructured":"Brute. 2016. ebay.com Security Vulnerability. https:\/\/www.openbugbounty.org\/incidents\/121171\/. (2016).  Brute. 2016. ebay.com Security Vulnerability. https:\/\/www.openbugbounty.org\/incidents\/121171\/. (2016)."},{"key":"e_1_3_2_1_8_1","unstructured":"Enhancesoft. 2016. osTicket - Support Ticket System. http:\/\/osticket.com\/. (2016).  Enhancesoft. 2016. osTicket - Support Ticket System. http:\/\/osticket.com\/. (2016)."},{"key":"e_1_3_2_1_9_1","unstructured":"Jon Ferraiolo Fujisawa Jun and Dean Jackson. 2000. Scalable vector graphics (SVG) 1.0 specification. iuniverse.  Jon Ferraiolo Fujisawa Jun and Dean Jackson. 2000. Scalable vector graphics (SVG) 1.0 specification. iuniverse."},{"key":"e_1_3_2_1_10_1","unstructured":"Jaap Haitsma. 2017. ReloadEvery Add-on. https:\/\/addons.mozilla.org\/enUS\/firefox\/addon\/reloadevery\/. (2017).  Jaap Haitsma. 2017. ReloadEvery Add-on. https:\/\/addons.mozilla.org\/enUS\/firefox\/addon\/reloadevery\/. (2017)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Mario Heiderich Marcus Niemietz Felix Schuster Thorsten Holz and J\u00f6rg Schwenk. 2012. Scriptless attacks: stealing the pie without touching the sill Proceedings of the 2012 ACM conference on Computer and communications security. ACM 760--771.  Mario Heiderich Marcus Niemietz Felix Schuster Thorsten Holz and J\u00f6rg Schwenk. 2012. Scriptless attacks: stealing the pie without touching the sill Proceedings of the 2012 ACM conference on Computer and communications security. ACM 760--771.","DOI":"10.1145\/2382196.2382276"},{"key":"e_1_3_2_1_12_1","unstructured":"Automattic Inc. 2016. WordPress. http:\/\/wordpress.com\/. (2016).  Automattic Inc. 2016. WordPress. http:\/\/wordpress.com\/. (2016)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2467358"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-0977-9"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"e_1_3_2_1_18_1","first-page":"365","article-title":"DOM based cross site scripting or XSS of the third kind","volume":"4","author":"Klein Amit","year":"2005","unstructured":"Amit Klein . 2005 . DOM based cross site scripting or XSS of the third kind . Web Application Security Consortium, Articles Vol. 4 (2005), 365 -- 372 . Amit Klein. 2005. DOM based cross site scripting or XSS of the third kind. Web Application Security Consortium, Articles Vol. 4 (2005), 365--372.","journal-title":"Web Application Security Consortium, Articles"},{"key":"e_1_3_2_1_19_1","unstructured":"MITRE. [n. d.]. CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition. https:\/\/cwe.mitre.org\/data\/definitions\/367.html. ([n. d.]).  MITRE. [n. d.]. CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition. https:\/\/cwe.mitre.org\/data\/definitions\/367.html. ([n. d.])."},{"key":"e_1_3_2_1_20_1","unstructured":"osCommerce. 2016. osCommerce. http:\/\/oscommerce.com\/. (2016).  osCommerce. 2016. osCommerce. http:\/\/oscommerce.com\/. (2016)."},{"key":"e_1_3_2_1_21_1","unstructured":"OWASP. 2013. Top 10: Ten Most Critical Web Application Security Risks. (2013).  OWASP. 2013. Top 10: Ten Most Critical Web Application Security Risks. (2013)."},{"key":"e_1_3_2_1_22_1","unstructured":"Rochen. 2016. Joomla! http:\/\/joomla.com\/. (2016).  Rochen. 2016. Joomla! http:\/\/joomla.com\/. (2016)."},{"key":"e_1_3_2_1_23_1","volume-title":"Springer Berlin Heidelberg","author":"Scholte Theodoor","unstructured":"Theodoor Scholte , Davide Balzarotti , and Engin Kirda . 2012. Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications . Springer Berlin Heidelberg , Berlin, Heidelberg , 284--298. https:\/\/doi.org\/10.1007\/978-3-642-27576-0_24 10.1007\/978-3-642-27576-0_24 Theodoor Scholte, Davide Balzarotti, and Engin Kirda. 2012. Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications. Springer Berlin Heidelberg, Berlin, Heidelberg, 284--298. https:\/\/doi.org\/10.1007\/978-3-642-27576-0_24"},{"key":"e_1_3_2_1_24_1","volume-title":"OWASP: CSRFGuard Project.","author":"Sheridan Eric","year":"2011","unstructured":"Eric Sheridan . 2011 . OWASP: CSRFGuard Project. (2011). Eric Sheridan. 2011. OWASP: CSRFGuard Project. (2011)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_1_26_1","unstructured":"PaX Team. 2003. PaX address space layout randomization (ASLR). (2003).  PaX Team. 2003. PaX address space layout randomization (ASLR). (2003)."},{"key":"e_1_3_2_1_27_1","volume-title":"Noncespaces: Using randomization to defeat cross-site scripting attacks. computers & security","author":"Gundy Matthew Van","year":"2012","unstructured":"Matthew Van Gundy and Hao Chen . 2012 . Noncespaces: Using randomization to defeat cross-site scripting attacks. computers & security Vol. 31 , 4 (2012), 612--628. Matthew Van Gundy and Hao Chen. 2012. Noncespaces: Using randomization to defeat cross-site scripting attacks. computers & security Vol. 31, 4 (2012), 612--628."},{"key":"e_1_3_2_1_28_1","volume-title":"CSRF token-stealing attack (user. tokens). Mozilla, a ticket","author":"B. Vibber","year":"2014","unstructured":"B. Vibber 2014. CSRF token-stealing attack (user. tokens). Mozilla, a ticket ( 2014 ). B. Vibber 2014. CSRF token-stealing attack (user. tokens). Mozilla, a ticket (2014)."},{"key":"e_1_3_2_1_29_1","volume-title":"HTML5 A vocabulary and associated APIs for HTML and XHTML. W3C Recommendation","author":"World Wide Web Consortium (W3C). 2014.","year":"2014","unstructured":"World Wide Web Consortium (W3C). 2014. HTML5 A vocabulary and associated APIs for HTML and XHTML. W3C Recommendation 28 October 2014 . https:\/\/www.w3.org\/TR\/html5\/scripting-1.html. (2014). World Wide Web Consortium (W3C). 2014. HTML5 A vocabulary and associated APIs for HTML and XHTML. W3C Recommendation 28 October 2014. https:\/\/www.w3.org\/TR\/html5\/scripting-1.html. (2014)."},{"key":"e_1_3_2_1_30_1","volume-title":"W3C Recommendation","author":"World Wide Web Consortium (W3C). 2015. W3C DOM4.","year":"2015","unstructured":"World Wide Web Consortium (W3C). 2015. W3C DOM4. W3C Recommendation 19 November 2015 . https:\/\/www.w3.org\/TR\/dom\/. (2015). World Wide Web Consortium (W3C). 2015. W3C DOM4. W3C Recommendation 19 November 2015. https:\/\/www.w3.org\/TR\/dom\/. (2015)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028040.2028048"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_11"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 Workshop on Moving Target Defense"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3140549.3140559","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3140549.3140559","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:21Z","timestamp":1750212681000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3140549.3140559"}},"subtitle":["Defeating Web Code Injection Attacks using Web Element Attribute Mutation"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":32,"alternative-id":["10.1145\/3140549.3140559","10.1145\/3140549"],"URL":"https:\/\/doi.org\/10.1145\/3140549.3140559","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}