{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:06:08Z","timestamp":1775815568354,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":166,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["1916499, 1908021, and 1850392"],"award-info":[{"award-number":["1916499, 1908021, and 1850392"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484577","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:27Z","timestamp":1636805127000},"page":"1839-1860","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Spinner: Automated Dynamic Command Subsystem Perturbation"],"prefix":"10.1145","author":[{"given":"Meng","family":"Wang","sequence":"first","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"given":"Chijung","family":"Jung","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"given":"Ali","family":"Ahad","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. Online Shopping Website Framework. https:\/\/gitee.com\/koyshe\/phpshe."},{"key":"e_1_3_2_1_2_1","unstructured":"2020. Dependency Manager for PHP. https:\/\/github.com\/composer\/composer."},{"key":"e_1_3_2_1_3_1","unstructured":"2020. GitHub - vimeo\/psalm: A static analysis tool for finding errors in PHP applications. https:\/\/github.com\/vimeo\/psalm."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. TED Ideas worth spreading. https:\/\/www.ted.com\/talks."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. The LLVM Compiler Infrastructure Project. https:\/\/llvm.org\/."},{"key":"e_1_3_2_1_6_1","unstructured":"abiusx. 2015. Taint Tracking and Inference analysis and breaking tool. https:\/\/github.com\/abiusx\/taintless\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Adriano D.Giovanni. 2020. A cross-platform Node.js wrapper around the standard Unix program df. https:\/\/github.com\/adriano-di-giovanni\/node-df."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417248"},{"key":"e_1_3_2_1_9_1","unstructured":"Alibaba. 2020. Generic SQL engine for Web and Big-data. https:\/\/github.com\/alibaba\/nquery."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Muath Alkhalaf. 2014. Automatic Detection and Repair of Input Validation and Sanitization Bugs. Ph.D. Dissertation. University of Californida Santa Barbara.","DOI":"10.1145\/2610384.2610401"},{"key":"e_1_3_2_1_11_1","unstructured":"Anastasionico. 2019. Good Practices: how to sanitize validate and escape in PHP. https:\/\/dev.to\/anastasionico\/good-practices-how-to-sanitize-validateand-escape-in-php-3-methods-139b."},{"key":"e_1_3_2_1_12_1","unstructured":"Andi Albrecht. 2020. Multiple parsing failures identifying Comment Tokens. https:\/\/github.com\/andialbrecht\/sqlparse\/issues\/558."},{"key":"e_1_3_2_1_13_1","unstructured":"Apache. 2019. Apache Web Server. https:\/\/httpd.apache.org\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Automattic. 2020. Automatically checks all comments and filters out the ones that look like spam. https:\/\/wordpress.org\/plugins\/akismet\/."},{"key":"e_1_3_2_1_15_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Azad Babak Amin","year":"2019","unstructured":"Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis. 2019. Less is More: Quantifying the Security Benefits of Debloating Web Applications. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1697--1714. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/azad"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948147"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.27"},{"key":"e_1_3_2_1_19_1","unstructured":"Joe Becher. 2019. Codecov NodeJS Uploader. https:\/\/www.npmjs.com\/package\/codecov."},{"key":"e_1_3_2_1_20_1","unstructured":"Bernardo Damele A. G. and Miroslav Stampar. 2020. sqlmap. https:\/\/github.com\/sqlmapproject\/sqlmap."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1698750.1698754"},{"key":"e_1_3_2_1_22_1","unstructured":"BitDegree. 2017. Learn PHP Sanitize Input: Example of Input Sanitization Included. https:\/\/www.bitdegree.org\/learn\/php-sanitize-input."},{"key":"e_1_3_2_1_23_1","unstructured":"Dan Bloomberg. 2020. Leptonica. http:\/\/www.leptonica.org\/."},{"key":"e_1_3_2_1_24_1","unstructured":"John Bodley. 2020. A non-validating SQL parser module for Python. https:\/\/github.com\/andialbrecht\/sqlparse."},{"key":"e_1_3_2_1_25_1","unstructured":"BorseGo AG. 2019. Parse SQL (select) statements into abstract syntax tree (AST) and convert ASTs back to SQL. https:\/\/github.com\/godmodelabs\/flora-sqlparser\/."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.58"},{"key":"e_1_3_2_1_27_1","volume-title":"Keromytis","author":"Boyd Stephen W.","year":"2004","unstructured":"Stephen W. Boyd and Angelos D. Keromytis. 2004. SQLrand: Preventing SQL Injection Attacks. In Applied Cryptography and Network Security, Markus Jakobsson, Moti Yung, and Jianying Zhou (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 292--302."},{"key":"e_1_3_2_1_28_1","unstructured":"Frank Lyder Bredland. 2016. git-publish. https:\/\/www.npmjs.com\/package\/gitpublish."},{"key":"e_1_3_2_1_29_1","unstructured":"Cherokee. 2019. Cherokee is an innovative feature rich lightning fast and easy to configure open source web server designed for the next generation of highly concurrent secured web applications. https:\/\/cherokee-project.com\/."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655121.1655125"},{"key":"e_1_3_2_1_31_1","unstructured":"Commix Project. 2020. Automated All-in-One OS command injection and exploitation tool. https:\/\/github.com\/commixproject\/commix."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/spw.2017.38"},{"key":"e_1_3_2_1_33_1","unstructured":"cPanel. 2021. Hosting Platform of Choice. https:\/\/cpanel.net\/."},{"key":"e_1_3_2_1_34_1","unstructured":"CVE 2014. CVE-2014--2323. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014--2323."},{"key":"e_1_3_2_1_35_1","unstructured":"CVE. 2016. CVE-2016--10033. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016--10033."},{"key":"e_1_3_2_1_36_1","unstructured":"CVE. 2017. CVE-2017--10004. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017--10004."},{"key":"e_1_3_2_1_37_1","unstructured":"CVE. 2017. CVE-2017--1000451. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017--1000451."},{"key":"e_1_3_2_1_38_1","unstructured":"CVE. 2017. CVE-2017--17562. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017--17562."},{"key":"e_1_3_2_1_39_1","unstructured":"CVE. 2018. CVE-2018--10969. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018--10969."},{"key":"e_1_3_2_1_40_1","unstructured":"CVE. 2018. CVE-2018--15877. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018--15877."},{"key":"e_1_3_2_1_41_1","unstructured":"CVE. 2018. CVE-2018--16461. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018--16461."},{"key":"e_1_3_2_1_42_1","unstructured":"CVE. 2018. CVE-2018--3746. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018--3746."},{"key":"e_1_3_2_1_43_1","unstructured":"CVE. 2018. CVE-2018--3757. https:\/\/www.cvedetails.com\/cve\/CVE-2018--3757\/."},{"key":"e_1_3_2_1_44_1","unstructured":"CVE. 2018. CVE-2018--3786. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018--3786."},{"key":"e_1_3_2_1_45_1","unstructured":"CVE. 2018. CVE-2018--3836. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018--3836."},{"key":"e_1_3_2_1_46_1","unstructured":"CVE. 2019. CVE-2019--10061. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019--10061."},{"key":"e_1_3_2_1_47_1","unstructured":"CVE. 2019. CVE-2019--10783. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019--10783."},{"key":"e_1_3_2_1_48_1","unstructured":"CVE. 2019. CVE-2019--12272. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019--12272."},{"key":"e_1_3_2_1_49_1","unstructured":"CVE. 2019. CVE-2019--13638. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019--13638."},{"key":"e_1_3_2_1_50_1","unstructured":"CVE. 2019. CVE-2019--976. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019--976."},{"key":"e_1_3_2_1_51_1","unstructured":"CVE. 2020. CVE-2020--7597. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020--7597."},{"key":"e_1_3_2_1_52_1","unstructured":"CVE. 2020. CVE-2020--8149. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020--8149."},{"key":"e_1_3_2_1_53_1","unstructured":"CVE. 2020. CVE-2020--8178. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020--8178."},{"key":"e_1_3_2_1_54_1","unstructured":"Dav Glass. 2015. lsof. https:\/\/www.npmjs.com\/package\/lsof."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.14778\/2732240.2732246"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046736"},{"key":"e_1_3_2_1_57_1","unstructured":"Edward. 2018. Plain View Activity Monitor. https:\/\/wordpress.org\/plugins\/plainview-activity-monitor."},{"key":"e_1_3_2_1_58_1","unstructured":"Egg. 2019. eggscripts. https:\/\/www.npmjs.com\/package\/egg-scripts."},{"key":"e_1_3_2_1_59_1","unstructured":"Elementor. 2020. A website builder that delivers high-end page designs and advanced capabilities. https:\/\/wordpress.org\/plugins\/elementor\/."},{"key":"e_1_3_2_1_60_1","unstructured":"Embedthis. 2019. GoAhead. https:\/\/www.embedthis.com\/goahead\/."},{"key":"e_1_3_2_1_61_1","unstructured":"Fabien Potencier. 2020. free feature-rich PHP mailer. https:\/\/packagist.org\/packages\/swiftmailer\/swiftmailer."},{"key":"e_1_3_2_1_62_1","unstructured":"Fabien Potencier. 2020. Symfony Console Component. https:\/\/packagist.org\/packages\/symfony\/console."},{"key":"e_1_3_2_1_63_1","unstructured":"Fagbokforlaget V&B AS. 2018. pdfinfojs. https:\/\/www.npmjs.com\/package\/pdfinfojs."},{"key":"e_1_3_2_1_64_1","unstructured":"Apache Software Foundation. 2019. Apache JMeter. https:\/\/jmeter.apache.org\/."},{"key":"e_1_3_2_1_65_1","unstructured":"WordPress Foundation. 2019. WordPress. https:\/\/wordpress.com\/."},{"key":"e_1_3_2_1_66_1","unstructured":"GNU. 2018. Patch. https:\/\/savannah.gnu.org\/projects\/patch\/."},{"key":"e_1_3_2_1_67_1","unstructured":"PostgreSQL Global Development Group. 2020. PostgreSQL: The World's Most Advanced Open Source Relational Database. https:\/\/www.postgresql.org\/docs\/9.4\/functions-bitstring.html."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.21"},{"key":"e_1_3_2_1_69_1","volume-title":"Proceedings of the International Conference on Automated Software Engineering","author":"William","unstructured":"William G.J. Halfond and Alessandro Orso. 2005. AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In Proceedings of the International Conference on Automated Software Engineering. Long Beach, California, USA."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181775.1181797"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70748"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/174662.174663"},{"key":"e_1_3_2_1_73_1","unstructured":"Daniel Hillmann. 2019. kill-port-processes. https:\/\/www.npmjs.com\/package\/kill-port-process."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775174"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_76_1","unstructured":"HYRISE. 2020. SQL Parser for C++. Building C++ object structure from SQL statements. https:\/\/github.com\/hyrise\/sql-parser."},{"key":"e_1_3_2_1_77_1","unstructured":"Intel. 2019. Software Guard Extensions. https:\/\/software.intel.com\/en-us\/sgx."},{"key":"e_1_3_2_1_78_1","unstructured":"Isaac Bennetch. 2020. SQL Parser. https:\/\/github.com\/phpmyadmin\/sql-parser."},{"key":"e_1_3_2_1_79_1","unstructured":"Jason Gerfen. 2019. NPM API to access nmap from node.js. https:\/\/www.npmjs.com\/package\/libnmap."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/S&P.2006.29"},{"key":"e_1_3_2_1_81_1","unstructured":"Justin Swanhart. 2019. A pure PHP SQL (non validating) parser w\/ focus on MySQL dialect of SQL. https:\/\/github.com\/greenlion\/PHP-SQL-Parser."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_85_1","volume-title":"Kline and Daniel Kline","author":"Kevin","year":"2001","unstructured":"Kevin E. Kline and Daniel Kline. 2001. SQL in a Nutshell. O'Reilly."},{"key":"e_1_3_2_1_86_1","unstructured":"Lerna. 2020. A tool for managing JavaScript projects with multiple packages. https:\/\/github.com\/lerna\/lerna."},{"key":"e_1_3_2_1_87_1","first-page":"9","article-title":"Secure Untrusted Data Repository (SUNDR)","volume":"4","author":"Li Jinyuan","year":"2004","unstructured":"Jinyuan Li, Maxwell N Krohn, David Mazieres, and Dennis E Shasha. 2004. Secure Untrusted Data Repository (SUNDR).. In Osdi, Vol. 4. 9--9.","journal-title":"Osdi"},{"key":"e_1_3_2_1_88_1","unstructured":"Lighttpd. 2019. Lighttpd Web Server. https:\/\/www.lighttpd.net\/."},{"key":"e_1_3_2_1_89_1","unstructured":"LinuxConfig.org. 2015. Internal vs External Linux shell commands - LinuxConfig.org. https:\/\/linuxconfig.org\/internal-vs-external-linux-shell-commands."},{"key":"e_1_3_2_1_90_1","unstructured":"LuaExpat. 2020. XML Expat parsing for the Lua programming language. https:\/\/matthewwild.co.uk\/projects\/luaexpat\/."},{"key":"e_1_3_2_1_91_1","unstructured":"Margaret Brewster. 2019. Parses Sql to an AST and re-stringifies SQL ASTs. https:\/\/www.npmjs.com\/package\/druid-sql-parser."},{"key":"e_1_3_2_1_92_1","unstructured":"Marijn Haverbeke. 2020. A small fast JavaScript-based JavaScript parser. https:\/\/github.com\/acornjs\/acorn."},{"key":"e_1_3_2_1_93_1","volume-title":"Proceedings of the 17th Conference on Security Symposium","author":"Martin Michael","unstructured":"Michael Martin and Monica S. Lam. 2008. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking. In Proceedings of the 17th Conference on Security Symposium (San Jose, CA) (SS'08). USENIX Association, USA, 31--43."},{"key":"e_1_3_2_1_94_1","volume-title":"NPM Provides an interface to convert PDF's","author":"Oyamada Masafumi","unstructured":"Masafumi Oyamada. 2018. NPM Provides an interface to convert PDF's pages to png files in Node.js. https:\/\/www.npmjs.com\/package\/pdf-image."},{"key":"e_1_3_2_1_95_1","unstructured":"Masahiro Wakame. 2017. fs-git. https:\/\/www.npmjs.com\/package\/fs-git."},{"key":"e_1_3_2_1_96_1","unstructured":"Matthew Gonzalez. 2017. listening-processes. https:\/\/www.npmjs.com\/package\/listening-processes."},{"key":"e_1_3_2_1_97_1","volume-title":"Recent Advances in Intrusion Detection","author":"McAllister Sean","unstructured":"Sean McAllister, Engin Kirda, and Christopher Kruegel. 2008. Leveraging User Interactions for In-Depth Testing of Web Applications. In Recent Advances in Intrusion Detection, Richard Lippmann, Engin Kirda, and Ari Trachtenberg (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 191--210."},{"key":"e_1_3_2_1_98_1","unstructured":"Michele Romano. 2019. Hackerone-728040. https:\/\/hackerone.com\/reports\/728040."},{"key":"e_1_3_2_1_99_1","unstructured":"Michele Romano. 2020. Hackerone-730121. https:\/\/hackerone.com\/reports\/730121."},{"key":"e_1_3_2_1_100_1","unstructured":"Gerome Miklau. 2019. xmldata. http:\/\/aiweb.cs.washington.edu\/research\/projects\/xmltk\/xmldata\/."},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060809"},{"key":"e_1_3_2_1_102_1","unstructured":"Mozilla. 2020. Moz SQL Parser. https:\/\/github.com\/mozilla\/moz-sql-parser."},{"key":"e_1_3_2_1_103_1","unstructured":"MySQLTUTORIAL 2020. MySQL Prepared Statement. https:\/\/www.mysqltutorial.org\/mysql-prepared-statement.aspx\/."},{"key":"e_1_3_2_1_104_1","unstructured":"National Vulnerability Database. 2019. CVE-2019--15597. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019--15597."},{"key":"e_1_3_2_1_105_1","unstructured":"Trent Nelson. 2020. Technically-oriented PDF Collection. https:\/\/github.com\/tpn\/pdfs."},{"key":"e_1_3_2_1_106_1","volume-title":"Security and Privacy in the Age of Ubiquitous Computing","author":"Nguyen-Tuong Anh","unstructured":"Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David Evans. 2005. Automatically HardeningWeb Applications Using Precise Tainting. In Security and Privacy in the Age of Ubiquitous Computing. Springer, 295--307."},{"key":"e_1_3_2_1_107_1","unstructured":"Nick Galbreath. 2018. SQL \/ SQLI tokenizer parser analyzer. https:\/\/github.com\/client9\/libinjection."},{"key":"e_1_3_2_1_108_1","unstructured":"Nikita Popov. 2020. Extension exposing PHP 7 abstract syntax tree. https:\/\/github.com\/nikic\/php-ast."},{"key":"e_1_3_2_1_109_1","unstructured":"notpwnguy. 2018. Hackerone-511459. https:\/\/hackerone.com\/reports\/511459."},{"key":"e_1_3_2_1_110_1","unstructured":"NVD. 2019. CVE Details: CVE-2019--5127. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019--5127."},{"key":"e_1_3_2_1_111_1","unstructured":"OpenLiteSpeed. 2019. OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise. https:\/\/openlitespeed.org\/."},{"key":"e_1_3_2_1_112_1","unstructured":"OpenWrt. 2019. LuCI. https:\/\/openwrt.org\/docs\/guide-user\/luci\/start."},{"key":"e_1_3_2_1_113_1","unstructured":"OpenWrt. 2019. uHTTPd. https:\/\/openwrt.org\/docs\/guide-user\/services\/webserver\/uhttpd."},{"key":"e_1_3_2_1_114_1","unstructured":"OpenWrt 2020. OpenWrt Project. https:\/\/openwrt.org\/."},{"key":"e_1_3_2_1_115_1","unstructured":"Oracle. 2019. Mysql. https:\/\/www.mysql.com\/."},{"key":"e_1_3_2_1_116_1","unstructured":"OWASP. 2019. OWASP Top Ten. https:\/\/owasp.org\/www-project-top-ten\/."},{"key":"e_1_3_2_1_117_1","unstructured":"Packagist. 2020. The PHP Package Repository. https:\/\/packagist.org."},{"key":"e_1_3_2_1_118_1","unstructured":"Pawel Trysla. 2020. Display pretty Android and iOS logs without Android Studio or Console.app with intuitive Command Line Interface. https:\/\/github.com\/zamotany\/logkitty."},{"key":"e_1_3_2_1_119_1","unstructured":"PECL. 2021. PECL :: Package :: taint. https:\/\/pecl.php.net\/package\/taint."},{"key":"e_1_3_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_3"},{"key":"e_1_3_2_1_121_1","unstructured":"Peter Braden. 2019. OpenCV. https:\/\/www.npmjs.com\/package\/opencv."},{"key":"e_1_3_2_1_122_1","unstructured":"PHP. 2019. SimpleXML Extension. https:\/\/www.php.net\/manual\/en\/book.simplexml.php."},{"key":"e_1_3_2_1_123_1","volume-title":"International Workshop on Recent Advances in Intrusion Detection. Springer, 124--145","author":"Pietraszek Tadeusz","year":"2005","unstructured":"Tadeusz Pietraszek and Chris Vanden Berghe. 2005. Defending against injection attacks through context-sensitive string evaluation. In International Workshop on Recent Advances in Intrusion Detection. Springer, 124--145."},{"key":"e_1_3_2_1_124_1","unstructured":"QEMU. 2019. Generic and open source machine emulator and virtualizer. https:\/\/www.qemu.org\/."},{"key":"e_1_3_2_1_125_1","unstructured":"Quan Yang. 2019. Taint'em-All: a taint analysis tool for the PHP language. https:\/\/github.com\/quanyang\/Taint-em-All."},{"key":"e_1_3_2_1_126_1","unstructured":"Rafal Janicki. 2019. Hackerone-633364. https:\/\/hackerone.com\/reports\/633364."},{"key":"e_1_3_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363195"},{"key":"e_1_3_2_1_128_1","unstructured":"RaymondDesign. 2012. Advanced-XML-Reader. https:\/\/wordpress.org\/plugins\/Advanced-XML-Reader\/."},{"key":"e_1_3_2_1_129_1","unstructured":"Renan Rocha. 2019. Hackerone-661959. https:\/\/hackerone.com\/reports\/661959."},{"key":"e_1_3_2_1_130_1","unstructured":"Robbie Chipka. 2020. GitHub - libxmljs:libxml bindings for v8 javascript engine. https:\/\/github.com\/libxmljs\/libxmljs."},{"key":"e_1_3_2_1_131_1","first-page":"3","article-title":"Constructing the Call Graph of a Program","volume":"5","author":"Ryder B. G.","year":"1979","unstructured":"B. G. Ryder. 1979. Constructing the Call Graph of a Program. IEEE Trans. Softw. Eng. 5, 3 (May 1979), 216--226.","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_2_1_132_1","volume-title":"FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. In NDSS.","author":"Saxena Prateek","year":"2010","unstructured":"Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Xiaodong Song. 2010. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. In NDSS."},{"key":"e_1_3_2_1_133_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046776"},{"key":"e_1_3_2_1_134_1","unstructured":"Sebastian Bergmann. 2020. Library that helps with managing the version number of Git-hosted PHP projects. https:\/\/packagist.org\/packages\/sebastian\/version."},{"key":"e_1_3_2_1_135_1","unstructured":"Sebastian Bergmann. 2020. PHPUnit is a programmer-oriented testing framework for PHP. https:\/\/phpunit.de\/."},{"key":"e_1_3_2_1_136_1","unstructured":"Sebastian Bergmann. 2020. Provides functionality to handle HHVM\/PHP environments. https:\/\/packagist.org\/packages\/sebastian\/environment."},{"key":"e_1_3_2_1_137_1","volume-title":"An Efficient Black-box Technique for DefeatingWeb Application Attacks. In Network and Distributed System Security Symposium (NDSS'09)","author":"Sekar R.","year":"2009","unstructured":"R. Sekar. 2009. An Efficient Black-box Technique for DefeatingWeb Application Attacks. In Network and Distributed System Security Symposium (NDSS'09)."},{"key":"e_1_3_2_1_138_1","unstructured":"Selenium. 2021. SeleniumHQ Browser Automation. https:\/\/www.selenium.dev\/."},{"key":"e_1_3_2_1_139_1","unstructured":"Genetech Solutions. 2020. Pie Register - Custom Registration Form Invitation based Registrations and User Login WordPress Plugin. https:\/\/wordpress.org\/plugins\/pie-register\/."},{"key":"e_1_3_2_1_140_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516696"},{"key":"e_1_3_2_1_141_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2003.1245302"},{"key":"e_1_3_2_1_142_1","unstructured":"SQLite. 2019. What Is SQLite. https:\/\/www.sqlite.org\/index.html."},{"key":"e_1_3_2_1_143_1","unstructured":"Star Beam Rainbow Labs. 2020. Pepperminty-Wiki. https:\/\/github.com\/sbrl\/Pepperminty-Wiki."},{"key":"e_1_3_2_1_144_1","unstructured":"Alexandre Strzelewicz. 2019. PM2. https:\/\/www.npmjs.com\/package\/pm2."},{"key":"e_1_3_2_1_145_1","volume-title":"The Essence of Command Injection Attacks in Web Applications. In Conference Record of the 33rd ACM SIGPLANSIGACT Symposium on Principles of Programming Languages","author":"Su Zhendong","year":"2006","unstructured":"Zhendong Su and Gary Wassermann. 2006. The Essence of Command Injection Attacks in Web Applications. In Conference Record of the 33rd ACM SIGPLANSIGACT Symposium on Principles of Programming Languages (Charleston, South Carolina, USA) (POPL '06). Association for Computing Machinery, New York, NY, USA, 372--382."},{"key":"e_1_3_2_1_146_1","unstructured":"Spinner. 2020. Spinner Project Website. https:\/\/github.com\/cmd-spinner\/commandrandom-spinner-php."},{"key":"e_1_3_2_1_147_1","unstructured":"Takayuki Miyoshi. 2020. Contact Form 7 can manage multiple contact forms. https:\/\/wordpress.org\/plugins\/contact-form-7\/."},{"key":"e_1_3_2_1_148_1","unstructured":"Tao Zhi. 2020. Nodejs SQL Parser. https:\/\/www.npmjs.com\/package\/node-sqlparser."},{"key":"e_1_3_2_1_149_1","unstructured":"Theofilos Petsios. 2014. sqlrand-llvm. https:\/\/github.com\/nettrino\/SQLRand."},{"key":"e_1_3_2_1_150_1","unstructured":"Tom Forbes. 2020. Github-orf\/xcat:Automate XPath injection attacks to retrieve documents. https:\/\/github.com\/orf\/xcat."},{"key":"e_1_3_2_1_151_1","unstructured":"Joe Topjian. 2009. Sanitize and Validate Data with PHP Filters. https:\/\/code.tutsplus.com\/tutorials\/sanitize-and-validate-data-with-php-filters--net-2595."},{"key":"e_1_3_2_1_152_1","unstructured":"TryGhost. 2020. The #1 headless Node.js CMS for professional publishing. https:\/\/github.com\/TryGhost\/Ghost."},{"key":"e_1_3_2_1_153_1","unstructured":"Daniel Veillard. 2019. libxml. http:\/\/xmlsoft.org\/."},{"key":"e_1_3_2_1_154_1","unstructured":"Vercel. 2020. Generate changelogs. https:\/\/github.com\/vercel\/release."},{"key":"e_1_3_2_1_155_1","unstructured":"Veselin. 2020. Easy package.json exports. https:\/\/www.npmjs.com\/package."},{"key":"e_1_3_2_1_156_1","volume-title":"KILLO: List any node_modules directories in your system. https:\/\/github.com\/voidcosmos\/npkill.","year":"2020","unstructured":"Voidcosmos. 2020. KILLO: List any node_modules directories in your system. https:\/\/github.com\/voidcosmos\/npkill."},{"key":"e_1_3_2_1_157_1","unstructured":"Matt Walters. 2019. meta-git. https:\/\/www.npmjs.com\/package\/meta-git."},{"key":"e_1_3_2_1_158_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_3_2_1_159_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_160_1","unstructured":"Wenbin Xiao. 2018. SQL Parser implemented in Go. https:\/\/github.com\/xwb1989\/sqlparser."},{"key":"e_1_3_2_1_161_1","unstructured":"WordPress. 2020. The WordPress Importer will import the content from a WordPress export file. https:\/\/wordpress.org\/plugins\/wordpress-importer\/."},{"key":"e_1_3_2_1_162_1","unstructured":"WordPress. 2020. WordPress Plugins. https:\/\/wordpress.org\/plugins."},{"key":"e_1_3_2_1_163_1","unstructured":"World Wide Broadcast Network. 2020. AVideo-Encoder. https:\/\/github.com\/WWBN\/AVideo-Encoder."},{"key":"e_1_3_2_1_164_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267336.1267349"},{"key":"e_1_3_2_1_165_1","unstructured":"Yoast BV. 2020. Yoast SEO. https:\/\/yoast.com\/wordpress\/plugins\/seo\/."},{"key":"e_1_3_2_1_166_1","unstructured":"Zach Carter. 2017. An API for creating parsers in JavaScript. https:\/\/www.npmjs.com\/package\/jison."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484577","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484577","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484577","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:43:37Z","timestamp":1763498617000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484577"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":166,"alternative-id":["10.1145\/3460120.3484577","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484577","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}