{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:49:39Z","timestamp":1774367379414,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,28]],"date-time":"2018-05-28T00:00:00Z","timestamp":1527465600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Austrian Research Promotion Agency (FFG)","award":["865248"],"award-info":[{"award-number":["865248"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,28]]},"DOI":"10.1145\/3194733.3194738","type":"proceedings-article","created":{"date-parts":[[2018,6,27]],"date-time":"2018-06-27T12:22:47Z","timestamp":1530102167000},"page":"20-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Planning-based security testing of web applications"],"prefix":"10.1145","author":[{"given":"Josip","family":"Bozic","sequence":"first","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]},{"given":"Franz","family":"Wotawa","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]}],"member":"320","published-online":{"date-parts":[[2018,5,28]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"d.}. Apache HttpComponents - HttpClient. ({n. d.}). Retrieved","year":"2018","unstructured":"{n. d.}. Apache HttpComponents - HttpClient. ({n. d.}). Retrieved February 2, 2018 from https:\/\/hc.apache.org\/httpcomponents-client-ga\/ {n. d.}. Apache HttpComponents - HttpClient. ({n. d.}). Retrieved February 2, 2018 from https:\/\/hc.apache.org\/httpcomponents-client-ga\/"},{"key":"e_1_3_2_1_2_1","volume-title":"Retrieved","year":"2018","unstructured":"{n. d.}. IBM Security AppScan. ({n. d.}) . Retrieved March 14, 2018 from https:\/\/www.ibm.com\/security\/application-security\/appscan {n. d.}. IBM Security AppScan. ({n. d.}). Retrieved March 14, 2018 from https:\/\/www.ibm.com\/security\/application-security\/appscan"},{"key":"e_1_3_2_1_3_1","volume-title":"d.}. JavaGP - Java Implementation of Graphplan. ({n. d.}). Retrieved","year":"2017","unstructured":"{n. d.}. JavaGP - Java Implementation of Graphplan. ({n. d.}). Retrieved December 11, 2017 from https:\/\/github.com\/pucrs-automated-planning\/javagp {n. d.}. JavaGP - Java Implementation of Graphplan. ({n. d.}). Retrieved December 11, 2017 from https:\/\/github.com\/pucrs-automated-planning\/javagp"},{"key":"e_1_3_2_1_4_1","volume-title":"d.}. jsoup: Java HTML Parser. ({n. d.}). Retrieved","year":"2018","unstructured":"{n. d.}. jsoup: Java HTML Parser. ({n. d.}). Retrieved February 2, 2018 from https:\/\/jsoup.org\/ {n. d.}. jsoup: Java HTML Parser. ({n. d.}). Retrieved February 2, 2018 from https:\/\/jsoup.org\/"},{"key":"e_1_3_2_1_5_1","volume-title":"d.}. Metric-FF. ({n. d.}). Retrieved","year":"2016","unstructured":"{n. d.}. Metric-FF. ({n. d.}). Retrieved December 12, 2016 from http:\/\/fai.cs.uni-saarland.de\/hoffmann\/metric-ff.html {n. d.}. Metric-FF. ({n. d.}). Retrieved December 12, 2016 from http:\/\/fai.cs.uni-saarland.de\/hoffmann\/metric-ff.html"},{"key":"e_1_3_2_1_6_1","volume-title":"d.}. OWASP Mutillidae 2 Project. ({n. d.}). Retrieved","year":"2018","unstructured":"{n. d.}. OWASP Mutillidae 2 Project. ({n. d.}). Retrieved February 4, 2018 from https:\/\/www.owasp.org\/index.php\/OWASP_Mutillidae_2_Project {n. d.}. OWASP Mutillidae 2 Project. ({n. d.}). Retrieved February 4, 2018 from https:\/\/www.owasp.org\/index.php\/OWASP_Mutillidae_2_Project"},{"key":"e_1_3_2_1_7_1","volume-title":"Retrieved","year":"2018","unstructured":"{n. d.}. OWASP Top Ten Project. ({n. d.}) . Retrieved January 31, 2018 from https:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project {n. d.}. OWASP Top Ten Project. ({n. d.}). Retrieved January 31, 2018 from https:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project"},{"key":"e_1_3_2_1_8_1","volume-title":"d.}. sqlmap","unstructured":"{n. d.}. sqlmap . http:\/\/sqlmap.org\/. ({n. d.}). Accessed: 2018-03-14. {n. d.}. sqlmap. http:\/\/sqlmap.org\/. ({n. d.}). Accessed: 2018-03-14."},{"key":"e_1_3_2_1_9_1","unstructured":"M. Backes J. Hoffmann R. Kunnemann P. Speicher and M. Steinmetz. 2017. Simulated Penetration Testing and Mitigation Analysis. In CoRR abs\/1705.05088 (2017).  M. Backes J. Hoffmann R. Kunnemann P. Speicher and M. Steinmetz. 2017. Simulated Penetration Testing and Mitigation Analysis. In CoRR abs\/1705.05088 (2017)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"A. Blum and M. Furst. 1995. Fast Planning Through Planning Graph Analysis. In IJCAI95. 1636--1642.   A. Blum and M. Furst. 1995. Fast Planning Through Planning Graph Analysis. In IJCAI95. 1636--1642.","DOI":"10.21236\/ADA303260"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44857-1_4"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of First International Workshop on AI in Security (IWAIse).","author":"Bozic J.","unstructured":"J. Bozic and F. Wotawa . 2017. Planning the Attack! Or How to use AI in Security Testing? . In Proceedings of First International Workshop on AI in Security (IWAIse). J. Bozic and F. Wotawa. 2017. Planning the Attack! Or How to use AI in Security Testing?. In Proceedings of First International Workshop on AI in Security (IWAIse)."},{"key":"e_1_3_2_1_13_1","unstructured":"J. Clarke K. Fowler E. Oftedal R. M. Alvarez D. Hartley A. Kornbrust G. O'Leary-Steele A. Revelli S. Siddharth and M. Slaviero. 2012. SQL Injection Attacks and Defense Second Edition. Syngress.   J. Clarke K. Fowler E. Oftedal R. M. Alvarez D. Hartley A. Kornbrust G. O'Leary-Steele A. Revelli S. Siddharth and M. Slaviero. 2012. SQL Injection Attacks and Defense Second Edition. Syngress."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557550"},{"key":"e_1_3_2_1_15_1","volume-title":"Computing Optimal Policies for Attack Graphs with Action Failures and Costs. In 7th European Starting AI Researcher Symposium (STAIRS'14)","author":"Durkota K.","unstructured":"K. Durkota and V. Lisy . 2014 . Computing Optimal Policies for Attack Graphs with Action Failures and Costs. In 7th European Starting AI Researcher Symposium (STAIRS'14) . K. Durkota and V. Lisy. 2014. Computing Optimal Policies for Attack Graphs with Action Failures and Costs. In 7th European Starting AI Researcher Symposium (STAIRS'14)."},{"key":"e_1_3_2_1_16_1","volume-title":"STRIPS: A New Approach to the Application of Theorem Proving to Problem Solving. In Artificial Intelligence. 189--208.","author":"Fikes R. E.","year":"1971","unstructured":"R. E. Fikes and N. J. Nilsson . 1971 . STRIPS: A New Approach to the Application of Theorem Proving to Problem Solving. In Artificial Intelligence. 189--208. R. E. Fikes and N. J. Nilsson. 1971. STRIPS: A New Approach to the Application of Theorem Proving to Problem Solving. In Artificial Intelligence. 189--208."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"S. Fogie J. Grossman R. Hansen A. Rager and P. D. Petkov. 2007. XSS Attacks: Cross Site Scripting Exploits and Defense. Syngress.   S. Fogie J. Grossman R. Hansen A. Rager and P. D. Petkov. 2007. XSS Attacks: Cross Site Scripting Exploits and Defense. Syngress.","DOI":"10.1016\/B978-159749154-9\/50005-6"},{"key":"e_1_3_2_1_18_1","volume-title":"Automated Planning: Theory and Practice. In Morgan Kaufmann.","author":"Ghallab M.","year":"2004","unstructured":"M. Ghallab , D. Nau , and P. Traverso . 2004 . Automated Planning: Theory and Practice. In Morgan Kaufmann. M. Ghallab, D. Nau, and P. Traverso. 2004. Automated Planning: Theory and Practice. In Morgan Kaufmann."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 1st Workshop on Intelligent Security (SecArt'09)","author":"Ghosh N.","unstructured":"N. Ghosh and S. K. Ghosh . 2009. An Intelligent Technique for Generating Minimal Attack Graph . In Proceedings of the 1st Workshop on Intelligent Security (SecArt'09) . N. Ghosh and S. K. Ghosh. 2009. An Intelligent Technique for Generating Minimal Attack Graph. In Proceedings of the 1st Workshop on Intelligent Security (SecArt'09)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008607721339"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2004.24"},{"key":"e_1_3_2_1_22_1","unstructured":"D. McDermott M. Ghallab A. Howe C. Knoblock A. Ram M. Veloso D. Weld and D. Wilkins. 1998. PDDL - The Planning Domain Definition Language. In The AIPS-98 Planning Competition Comitee.  D. McDermott M. Ghallab A. Howe C. Knoblock A. Ram M. Veloso D. Weld and D. Wilkins. 1998. PDDL - The Planning Domain Definition Language. In The AIPS-98 Planning Competition Comitee."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/5254.920599"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 13th International Software \/ Internet Quality Week (QW'00)","author":"Memon A. M.","unstructured":"A. M. Memon , M. E. Pollack , , and M. L. Soffa . 2000. A Planning-based Approach to GUI Testing . In Proceedings of the 13th International Software \/ Internet Quality Week (QW'00) . A. M. Memon, M. E. Pollack, , and M. L. Soffa. 2000. A Planning-based Approach to GUI Testing. In Proceedings of the 13th International Software \/ Internet Quality Week (QW'00)."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 2nd Workshop on Intelligent Security (SecArt'10)","author":"Lucangeli Obes J.","unstructured":"J. Lucangeli Obes , C. Sarraute , and G. Richarte . 2010. Attack Planning in the Real World . In Proceedings of the 2nd Workshop on Intelligent Security (SecArt'10) . J. Lucangeli Obes, C. Sarraute, and G. Richarte. 2010. Attack Planning in the Real World. In Proceedings of the 2nd Workshop on Intelligent Security (SecArt'10)."},{"key":"e_1_3_2_1_26_1","volume-title":"Combinatorial Testing of Full Text Search in Web Applications. In 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C).","author":"Raunak M.S.","unstructured":"M.S. Raunak , D.R. Kuhn , and R. Kacker . 2017 . Combinatorial Testing of Full Text Search in Web Applications. In 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). M.S. Raunak, D.R. Kuhn, and R. Kacker. 2017. Combinatorial Testing of Full Text Search in Web Applications. In 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C)."},{"key":"e_1_3_2_1_27_1","volume-title":"Artificial Intelligence: A Modern Approach","author":"Russell S. J.","year":"1995","unstructured":"S. J. Russell and P. Norvig . 1995 . Artificial Intelligence: A Modern Approach . Prentice Hall . S. J. Russell and P. Norvig. 1995. Artificial Intelligence: A Modern Approach. Prentice Hall."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"A. Shameli-Sendi M. Dagenais and L. Wang. 2017. Realtime Intrusion Risk Assessment Model based on Attack and Service Dependency Graphs. In Computer Communications.  A. Shameli-Sendi M. Dagenais and L. Wang. 2017. Realtime Intrusion Risk Assessment Model based on Attack and Service Dependency Graphs. In Computer Communications.","DOI":"10.1016\/j.comcom.2017.12.003"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Sheyner O.","unstructured":"O. Sheyner , J. Haines , S. Jha , R. Lippmann , and J. Wing . 2002. Automated Generation and Analysis of Attack Graphs . In Proceedings of the IEEE Symposium on Security and Privacy. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. Wing. 2002. Automated Generation and Analysis of Attack Graphs. In Proceedings of the IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 29th IFIP International Conference on Testing Software and Systems (ICTSS'17)","author":"Nguena Timo O.","unstructured":"O. Nguena Timo , A. Petrenko , and S. Ramesh . 2017. Multiple Mutation Testing from Finite State Machines with Symbolic Inputs . In Proceedings of the 29th IFIP International Conference on Testing Software and Systems (ICTSS'17) . O. Nguena Timo, A. Petrenko, and S. Ramesh. 2017. Multiple Mutation Testing from Finite State Machines with Symbolic Inputs. In Proceedings of the 29th IFIP International Conference on Testing Software and Systems (ICTSS'17)."},{"key":"e_1_3_2_1_31_1","unstructured":"M. Utting and B. Legeard. 2006. Practical Model-Based Testing - A Tools Approach. Morgan Kaufmann Publishers Inc.   M. Utting and B. Legeard. 2006. Practical Model-Based Testing - A Tools Approach. Morgan Kaufmann Publishers Inc."},{"key":"e_1_3_2_1_32_1","unstructured":"J. Zander I. Schieferdecker and P.J. Mosterman. 2011. Model-Based Testing for Embedded Systems. In CRC Press.   J. Zander I. Schieferdecker and P.J. Mosterman. 2011. Model-Based Testing for Embedded Systems. In CRC Press."}],"event":{"name":"ICSE '18: 40th International Conference on Software Engineering","location":"Gothenburg Sweden","acronym":"ICSE '18","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE-CS Computer Society"]},"container-title":["Proceedings of the 13th International Workshop on Automation of Software Test"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3194733.3194738","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3194733.3194738","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:07:23Z","timestamp":1750273643000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3194733.3194738"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,28]]},"references-count":32,"alternative-id":["10.1145\/3194733.3194738","10.1145\/3194733"],"URL":"https:\/\/doi.org\/10.1145\/3194733.3194738","relation":{},"subject":[],"published":{"date-parts":[[2018,5,28]]},"assertion":[{"value":"2018-05-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}