{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,30]],"date-time":"2026-05-30T00:34:36Z","timestamp":1780101276143,"version":"3.54.0"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,7,7]],"date-time":"2022-07-07T00:00:00Z","timestamp":1657152000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,7,7]]},"DOI":"10.1145\/3502718.3524795","type":"proceedings-article","created":{"date-parts":[[2022,7,7]],"date-time":"2022-07-07T10:28:30Z","timestamp":1657189710000},"page":"463-469","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["XSS for the Masses"],"prefix":"10.1145","author":[{"given":"Lwin Khin","family":"Shar","sequence":"first","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christopher M.","family":"Poskitt","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kyong Jin","family":"Shim","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Li Ying Leonard","family":"Wong","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,7,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"OWASP Top 10 Web Application Vulnerabilities. https:\/\/owasp.org\/wwwproject-top-ten\/","year":"2022","unstructured":"2021. OWASP Top 10 Web Application Vulnerabilities. https:\/\/owasp.org\/wwwproject-top-ten\/ . Accessed : April 2022 . 2021. OWASP Top 10 Web Application Vulnerabilities. https:\/\/owasp.org\/wwwproject-top-ten\/. Accessed: April 2022."},{"key":"e_1_3_2_1_2_1","volume-title":"OWASP Zed Attack Proxy (ZAP). https:\/\/www.zaproxy.org\/","year":"2022","unstructured":"2022. OWASP Zed Attack Proxy (ZAP). https:\/\/www.zaproxy.org\/ . Accessed : April 2022 . 2022. OWASP Zed Attack Proxy (ZAP). https:\/\/www.zaproxy.org\/. Accessed: April 2022."},{"key":"e_1_3_2_1_3_1","volume-title":"https:\/\/semgrep.dev\/","year":"2022","unstructured":"2022. Semgrep. https:\/\/semgrep.dev\/ . Accessed : April 2022 . 2022. Semgrep. https:\/\/semgrep.dev\/. Accessed: April 2022."},{"key":"e_1_3_2_1_4_1","volume-title":"W3Schools: HTML DOM innerHTML Property. https:\/\/www.w3schools. com\/jsref\/prop_html_innerhtml.asp","year":"2022","unstructured":"2022. W3Schools: HTML DOM innerHTML Property. https:\/\/www.w3schools. com\/jsref\/prop_html_innerhtml.asp . Accessed : April 2022 . 2022. W3Schools: HTML DOM innerHTML Property. https:\/\/www.w3schools. com\/jsref\/prop_html_innerhtml.asp. Accessed: April 2022."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372782.3406266"},{"key":"e_1_3_2_1_6_1","volume-title":"Textbook Underflow: Insufficient Security Discussions in Textbooks Used for Computer Systems Courses. In SIGCSE'21","author":"Almansoori Majed","year":"2021","unstructured":"Majed Almansoori , Jessica Lam , Elias Fang , Adalbert Gerald Soosai Raj , and Rahul Chatterjee . 2021 . Textbook Underflow: Insufficient Security Discussions in Textbooks Used for Computer Systems Courses. In SIGCSE'21 . ACM, 1212--1218. Majed Almansoori, Jessica Lam, Elias Fang, Adalbert Gerald Soosai Raj, and Rahul Chatterjee. 2021. Textbook Underflow: Insufficient Security Discussions in Textbooks Used for Computer Systems Courses. In SIGCSE'21. ACM, 1212--1218."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Shiva Azadegan M. Lavine Michael O'Leary Alexander L. Wijesinha and Marius Zimand. 2003. An undergraduate track in computer security. In ITiCSE'03. ACM 207--210.  Shiva Azadegan M. Lavine Michael O'Leary Alexander L. Wijesinha and Marius Zimand. 2003. An undergraduate track in computer security. In ITiCSE'03. ACM 207--210.","DOI":"10.1145\/961290.961568"},{"key":"e_1_3_2_1_8_1","volume-title":"Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching. The Register","author":"Corfield Gareth","year":"2021","unstructured":"Gareth Corfield . 2021. Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching. The Register ( 2021 ). https:\/\/www.theregister.com\/2021\/12\/13\/log4j_rce_latest\/ Accessed : April 2022. Gareth Corfield. 2021. Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching. The Register (2021). https:\/\/www.theregister.com\/2021\/12\/13\/log4j_rce_latest\/ Accessed: April 2022."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1002\/wics.106"},{"key":"e_1_3_2_1_10_1","volume-title":"Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS'17","author":"Lauinger Tobias","year":"2017","unstructured":"Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , and Engin Kirda . 2017 . Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS'17 . The Internet Society. Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS'17. The Internet Society."},{"key":"e_1_3_2_1_11_1","volume-title":"According to Report from Accenture and Ponemon Institute. Accenture Newsroom","author":"McGinn Michael","year":"2019","unstructured":"Michael McGinn . 2019. Cost of Cybercrime Continues to Rise for Financial Services Firms , According to Report from Accenture and Ponemon Institute. Accenture Newsroom ( 2019 ). https:\/\/newsroom.accenture.com\/news\/costof-cybercrime-continues-to-rise-for-financial-services-firms-according-toreport-from-accenture-and-ponemon-institute.htm Accessed : April 2022. Michael McGinn. 2019. Cost of Cybercrime Continues to Rise for Financial Services Firms, According to Report from Accenture and Ponemon Institute. Accenture Newsroom (2019). https:\/\/newsroom.accenture.com\/news\/costof-cybercrime-continues-to-rise-for-financial-services-firms-according-toreport-from-accenture-and-ponemon-institute.htm Accessed: April 2022."},{"key":"e_1_3_2_1_12_1","volume-title":"We need to start teaching young children about cybersecurity. World Economic Forum","author":"Mee Paul","year":"2020","unstructured":"Paul Mee . 2020. We need to start teaching young children about cybersecurity. World Economic Forum ( 2020 ). https:\/\/www.weforum.org\/agenda\/2020\/03\/weneed-to-start-teaching-young-children-about-cybersecurity\/ Accessed : April 2022. Paul Mee. 2020. We need to start teaching young children about cybersecurity. World Economic Forum (2020). https:\/\/www.weforum.org\/agenda\/2020\/03\/weneed-to-start-teaching-young-children-about-cybersecurity\/ Accessed: April 2022."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/563340.563480"},{"key":"e_1_3_2_1_14_1","first-page":"170","article-title":"Integrating Security across the Computer Science Curriculum","volume":"19","author":"Null Linda","year":"2004","unstructured":"Linda Null . 2004 . Integrating Security across the Computer Science Curriculum . J. Comput. Sci. Coll. 19 , 5 (2004), 170 -- 178 . Linda Null. 2004. Integrating Security across the Computer Science Curriculum. J. Comput. Sci. Coll. 19, 5 (2004), 170--178.","journal-title":"J. Comput. Sci. Coll."},{"key":"e_1_3_2_1_15_1","volume-title":"ASEE'05","author":"Perrone Luiz Felipe","year":"2005","unstructured":"Luiz Felipe Perrone , Maurice Aburdene , and Xiannong Meng . 2005 . Approaches to Undergraduate Instruction in Computer Security . In ASEE'05 . American Society for Engineering Education. Luiz Felipe Perrone, Maurice Aburdene, and Xiannong Meng. 2005. Approaches to Undergraduate Instruction in Computer Security. In ASEE'05. American Society for Engineering Education."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Ambareen Siraj Sheikh Ghafoor Joshua Tower and Ada Haynes. 2014. Empowering faculty to embed security topics into computer science courses. In ITiCSE'14. ACM 99--104.  Ambareen Siraj Sheikh Ghafoor Joshua Tower and Ada Haynes. 2014. Empowering faculty to embed security topics into computer science courses. In ITiCSE'14. ACM 99--104.","DOI":"10.1145\/2591708.2591741"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3328778.3366816"},{"key":"e_1_3_2_1_18_1","volume-title":"Evaluating Two Methods for Integrating Secure Programming Education. In SIGCSE'18","author":"Tabassum Madiha","year":"2018","unstructured":"Madiha Tabassum , Stacey Watson , Bill Chu , and Heather Richter Lipford . 2018 . Evaluating Two Methods for Integrating Secure Programming Education. In SIGCSE'18 . ACM, 390--395. Madiha Tabassum, Stacey Watson, Bill Chu, and Heather Richter Lipford. 2018. Evaluating Two Methods for Integrating Secure Programming Education. In SIGCSE'18. ACM, 390--395."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Blair Taylor and Siddharth Kaza. 2011. Security injections: modules to help students remember understand and apply secure coding techniques. In ITiCSE'11. ACM 3--7.  Blair Taylor and Siddharth Kaza. 2011. Security injections: modules to help students remember understand and apply secure coding techniques. In ITiCSE'11. ACM 3--7.","DOI":"10.1145\/1999747.1999752"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3287324.3287429"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1177\/0735633117708816"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2676723.2677280"},{"key":"e_1_3_2_1_23_1","volume-title":"ASE @ USENIX'16","author":"Yue Chuan","year":"2013","unstructured":"Chuan Yue . 2016. Teaching Computer Science With Cybersecurity Education Built-in . In ASE @ USENIX'16 . USENIX Association . [24] Jun Zhu, Heather Richter Lipford, and Bill Chu. 2013 . Interactive support for secure programming education. In SIGCSE'13. ACM, 687--692 Chuan Yue. 2016. Teaching Computer Science With Cybersecurity Education Built-in. In ASE @ USENIX'16. USENIX Association. [24] Jun Zhu, Heather Richter Lipford, and Bill Chu. 2013. Interactive support for secure programming education. In SIGCSE'13. ACM, 687--692"}],"event":{"name":"ITiCSE 2022: Innovation and Technology in Computer Science Education","location":"Dublin Ireland","acronym":"ITiCSE 2022","sponsor":["SIGCSE ACM Special Interest Group on Computer Science Education"]},"container-title":["Proceedings of the 27th ACM Conference on on Innovation and Technology in Computer Science Education Vol. 1"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3502718.3524795","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3502718.3524795","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:47Z","timestamp":1750183787000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3502718.3524795"}},"subtitle":["Integrating Security in a Web Programming Course using a Security Scanner"],"short-title":[],"issued":{"date-parts":[[2022,7,7]]},"references-count":23,"alternative-id":["10.1145\/3502718.3524795","10.1145\/3502718"],"URL":"https:\/\/doi.org\/10.1145\/3502718.3524795","relation":{},"subject":[],"published":{"date-parts":[[2022,7,7]]},"assertion":[{"value":"2022-07-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}