{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:57:17Z","timestamp":1773511037127,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T00:00:00Z","timestamp":1593216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,6,27]]},"DOI":"10.1145\/3377811.3380355","type":"proceedings-article","created":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T18:25:38Z","timestamp":1601576738000},"page":"222-233","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Finding client-side business flow tampering vulnerabilities"],"prefix":"10.1145","author":[{"given":"I Luk","family":"Kim","sequence":"first","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunhui","family":"Zheng","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hogun","family":"Park","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weihang","family":"Wang","sequence":"additional","affiliation":[{"name":"University at Buffalo"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"You","sequence":"additional","affiliation":[{"name":"Renmin University of China, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yousra","family":"Aafer","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiangyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. Business Flow Tampering Success Cases. https:\/\/sites.google.com\/view\/tampering-cases."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. Chrome DevTools Protocol. https:\/\/chromedevtools.github.io\/devtools-protocol\/."},{"key":"e_1_3_2_1_3_1","unstructured":"[n.d.]. InboxDollars - about us. http:\/\/corporate.inboxdollars.com\/about-us\/company\/."},{"key":"e_1_3_2_1_4_1","unstructured":"[n.d.]. Puppeteer. https:\/\/pptr.dev\/."},{"key":"e_1_3_2_1_5_1","unstructured":"[n.d.]. Security Token. https:\/\/en.wikipedia.org\/wiki\/Security_token."},{"key":"e_1_3_2_1_6_1","unstructured":"[n.d.]. V8 JavaScript engine. https:\/\/v8.dev\/."},{"key":"e_1_3_2_1_7_1","unstructured":"2016. W3C Recommendation - Subresource Integrity. https:\/\/www.w3.org\/TR\/SRI\/."},{"key":"e_1_3_2_1_8_1","unstructured":"2019. OWASP AJAX Security Cheat Sheet. https:\/\/github.com\/OWASP\/CheatSheetSeries\/blob\/master\/cheatsheets\/AJAX_Security_Cheat_Sheet.md#dont-rely-on-client-business-logic."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236038"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30115-8_7"},{"key":"e_1_3_2_1_11_1","unstructured":"Julia Alexander. 2018. YouTube Premium is changing because it has to. https:\/\/www.theverge.com\/2018\/11\/29\/18116154\/youtube-premium-free-ads-subscription-red."},{"key":"e_1_3_2_1_12_1","unstructured":"Jan Biniok. 2019. Tampermonkey project homepage. https:\/\/tampermonkey.net\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Aaron Boodman. 2019. Greasemonkey project homepage. https:\/\/www.greasespot.net\/."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.56"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813675"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046736"},{"key":"e_1_3_2_1_18_1","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","volume":"96","author":"Ester Martin","year":"1996","unstructured":"Martin Ester, Hans-Peter Kriegel, J\u00f6rg Sander, Xiaowei Xu, et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise.. In Kdd, Vol. 96. 226--231.","journal-title":"Kdd"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.49"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERE-C.2013.36"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052674"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.48"},{"key":"e_1_3_2_1_23_1","volume-title":"Verification and Validation (ICST), 2013 IEEE Sixth International Conference on. IEEE, 74--83","author":"Mirshokraie Shabnam","year":"2013","unstructured":"Shabnam Mirshokraie, Ali Mesbah, and Karthik Pattabiraman. 2013. Efficient JavaScript mutation testing. In Software Testing, Verification and Validation (ICST), 2013 IEEE Sixth International Conference on. IEEE, 74--83."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2371458"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635928"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180184"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Giancarlo Pellegrino and Davide Balzarotti. 2014. Toward Black-Box Detection of Logic Flaws in Web Applications.. In NDSS.","DOI":"10.14722\/ndss.2014.23021"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Peng Fei","year":"2014","unstructured":"Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing Binary Programs for Security Applications. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20--22, 2014., Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 829--844. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/peng"},{"key":"e_1_3_2_1_29_1","unstructured":"Peter Preston. 2011. A paywall that pays? Only in America. https:\/\/www.theguardian.com\/media\/2011\/aug\/07\/paywall-that-pays-only-in-america."},{"key":"e_1_3_2_1_30_1","volume-title":"A review of feature selection techniques in bioinformatics. bioinformatics 23, 19","author":"Saeys Yvan","year":"2007","unstructured":"Yvan Saeys, I\u00f1aki Inza, and Pedro Larra\u00f1aga. 2007. A review of feature selection techniques in bioinformatics. bioinformatics 23, 19 (2007), 2507--2517."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.38"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491447"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786830"},{"key":"e_1_3_2_1_34_1","unstructured":"Garett Sloane. 2018. YouTube is now showing ad-supported Hollywood movies. https:\/\/adage.com\/article\/digital\/youtube-starts-showing-free-hollywood-movies-ad-breaks\/315631\/."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Avinash Sudhodanan Alessandro Armando Roberto Carbone Luca Compagna et al. 2016. Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications.. In NDSS.","DOI":"10.14722\/ndss.2016.23286"},{"key":"e_1_3_2_1_36_1","unstructured":"Fangqi Sun Liang Xu and Zhendong Su. 2014. Detecting Logic Vulnerabilities in E-commerce Applications.. In NDSS."},{"key":"e_1_3_2_1_37_1","unstructured":"The New York Times. 2019. Breaking News World News & Multimedia. https:\/\/www.nytimes.com\/."},{"key":"e_1_3_2_1_38_1","unstructured":"Jordan Valinsky. 2016. Some Adblock Plus users are reporting problems with YouTube. https:\/\/digiday.com\/social\/youtube-adblock-problems\/."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.30"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.26"},{"key":"e_1_3_2_1_41_1","volume-title":"Image quality assessment: from error visibility to structural similarity","author":"Wang Zhou","year":"2004","unstructured":"Zhou Wang, Alan C Bovik, Hamid R Sheikh, and Eero P Simoncelli. 2004. Image quality assessment: from error visibility to structural similarity. IEEE transactions on image processing 13, 4 (2004), 600--612."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_12"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.96"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190252"},{"key":"e_1_3_2_1_45_1","series-title":"SIAM journal on computing 18, 6","volume-title":"Simple fast algorithms for the editing distance between trees and related problems","author":"Zhang Kaizhong","year":"1989","unstructured":"Kaizhong Zhang and Dennis Shasha. 1989. Simple fast algorithms for the editing distance between trees and related problems. SIAM journal on computing 18, 6 (1989), 1245--1262."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007730.1007741"}],"event":{"name":"ICSE '20: 42nd International Conference on Software Engineering","location":"Seoul South Korea","acronym":"ICSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","KIISE Korean Institute of Information Scientists and Engineers","IEEE CS"]},"container-title":["Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377811.3380355","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3377811.3380355","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:23:57Z","timestamp":1750202637000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377811.3380355"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,27]]},"references-count":45,"alternative-id":["10.1145\/3377811.3380355","10.1145\/3377811"],"URL":"https:\/\/doi.org\/10.1145\/3377811.3380355","relation":{},"subject":[],"published":{"date-parts":[[2020,6,27]]},"assertion":[{"value":"2020-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}