{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T17:50:25Z","timestamp":1764784225435,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,4,8]],"date-time":"2019-04-08T00:00:00Z","timestamp":1554681600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,4,8]]},"DOI":"10.1145\/3297280.3297438","type":"proceedings-article","created":{"date-parts":[[2019,5,1]],"date-time":"2019-05-01T12:18:47Z","timestamp":1556713127000},"page":"1620-1628","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Requirements for preventing logic flaws in the authentication procedure of web applications"],"prefix":"10.1145","author":[{"given":"Youssou","family":"Ndiaye","sequence":"first","affiliation":[{"name":"Univ Rennes, Inria, CNRS, Rennes, France"}]},{"given":"Olivier","family":"Barais","sequence":"additional","affiliation":[{"name":"Univ Rennes, Inria, CNRS, Rennes, France"}]},{"given":"Arnaud","family":"Blouin","sequence":"additional","affiliation":[{"name":"Univ Rennes, Inria, CNRS, Rennes, France"}]},{"given":"Ahmed","family":"Bouabdallah","sequence":"additional","affiliation":[{"name":"IMT Atlantique, IRISA, UBL, France"}]},{"given":"Nicolas","family":"Aillery","sequence":"additional","affiliation":[{"name":"Orange labs Rennes, Rennes, 
France"}]}],"member":"320","published-online":{"date-parts":[[2019,4,8]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593241"},{"key":"e_1_3_2_1_3_1","unstructured":"Iv\u00e1n Arce Kathleen Clark-Fisher Neil Daswani Jim DelGrosso Danny Dhillon Christoph Kern Tadayoshi Kohno Carl Landwehr Gary McGraw Brook Schoenfield et al. 2014. Avoiding the top 10 software security design flaws. Technical report IEEE Computer Societys Center for Secure Design (CSD) (2014)."},{"key":"e_1_3_2_1_4_1","unstructured":"William E Burr Donna F Dodson William T Polk et al. 2004. Electronic authentication guideline. Citeseer."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1054972.1055070"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776440"},{"key":"e_1_3_2_1_7_1","unstructured":"Common Weakness Enumeration (CWE). {n. d.}. A community-developed List of Software Weakness Types. https:\/\/cwe.mitre.org\/index.html"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.49"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/WSE.2003.1234011"},{"key":"e_1_3_2_1_10_1","unstructured":"P.S. Dowland D.Katsabas S.M. Furnell. {n. d.}. HCI principles to promote usable security. ({n. d.})."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.36"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011127.2011132"},{"key":"e_1_3_2_1_13_1","unstructured":"OWASP Foundation. {n. d.}. Business Logic Security Cheat Sheet. https:\/\/www.owasp.org\/index.php\/Business_Logic_Security_Cheat_Sheet"},{"key":"e_1_3_2_1_14_1","unstructured":"OWASP Foundation. {n. d.}. Vulnerability. 
https:\/\/www.owasp.org\/index.php\/Category:Vulnerability"},{"key":"e_1_3_2_1_15_1","volume-title":"WhiteHat Security","author":"Grossman Jeremiah","year":"2007","unstructured":"Jeremiah Grossman. 2007. Seven business logic flaws that put your website at risk. WhiteHat Security, October (2007)."},{"key":"e_1_3_2_1_16_1","unstructured":"GSMA. {n. d.}. Introducing mobile connect - the new standard in digital authentication. https:\/\/www.gsma.com\/identity\/mobile-connect"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13198-015-0376-0"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Neil Haller. 1995. The S\/KEY one-time password system. (1995).","DOI":"10.17487\/rfc1760"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2008.4483667"},{"key":"e_1_3_2_1_21_1","unstructured":"International Communication Union (ITU). 2012-09-07. Entity Authentication assurance framework. http:\/\/handle.itu.int\/11.1002\/1000\/11608"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281240"},{"key":"e_1_3_2_1_23_1","volume-title":"Pixy: A static analysis tool for detecting web application vulnerabilities (short paper)","author":"Jovanovic Nenad","year":"2006","unstructured":"Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. 2006. Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). IEEE."},{"key":"e_1_3_2_1_24_1","unstructured":"Ivan Koldaev. {n. d.}. Hack any skype account in 6 easy steps. 
http:\/\/pixus-ru.blogspot.com\/2012\/11\/hack-any-skype-account-in-6-easy-steps.html"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076767"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.08.010"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.109"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Giancarlo Pellegrino and Davide Balzarotti. 2014. Toward Black-Box Detection of Logic Flaws in Web Applications. In NDSS.","DOI":"10.14722\/ndss.2014.23021"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1179529.1179532"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICICM.2013.18"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011902718709"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.19"},{"key":"e_1_3_2_1_34_1","volume-title":"Privacy and Identity Management for Life - 6th IFIP WG 9.2, 9.6\/11.7, 11.4, 11.6\/PrimeLife International Summer School, Helsingborg, Sweden, August 2--6","author":"Vapen Anna","year":"2010","unstructured":"Anna Vapen and Nahid Shahmehri. 2010. Security Levels for Web Authentication Using Mobile Phones. In Privacy and Identity Management for Life - 6th IFIP WG 9.2, 9.6\/11.7, 11.4, 11.6\/PrimeLife International Summer School, Helsingborg, Sweden, August 2--6, 2010, Revised Selected Papers. 130--143."},{"key":"e_1_3_2_1_35_1","unstructured":"Web Application Security Consortium (WASC). {n. d.}. Threat Classification. 
http:\/\/projects.webappsec.org\/w\/page\/13246978\/Threat%20Classification"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/646280.687663"}],"event":{"name":"SAC '19: The 34th ACM\/SIGAPP Symposium on Applied Computing","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"],"location":"Limassol Cyprus","acronym":"SAC '19"},"container-title":["Proceedings of the 34th ACM\/SIGAPP Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3297280.3297438","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3297280.3297438","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:02:16Z","timestamp":1750208536000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3297280.3297438"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,8]]},"references-count":35,"alternative-id":["10.1145\/3297280.3297438","10.1145\/3297280"],"URL":"https:\/\/doi.org\/10.1145\/3297280.3297438","relation":{},"subject":[],"published":{"date-parts":[[2019,4,8]]},"assertion":[{"value":"2019-04-08","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}