{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T03:53:53Z","timestamp":1774929233417,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,18]],"date-time":"2024-04-18T00:00:00Z","timestamp":1713398400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,18]]},"DOI":"10.1145\/3603287.3651194","type":"proceedings-article","created":{"date-parts":[[2024,4,27]],"date-time":"2024-04-27T12:06:34Z","timestamp":1714219594000},"page":"229-234","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["A Pilot Study on Secure Code Generation with ChatGPT for Web Applications"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-8030-7733","authenticated-orcid":false,"given":"Mahesh","family":"Jamdade","sequence":"first","affiliation":[{"name":"University of Massachusetts Dartmouth, Dartmouth, Massachusetts, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1571-5442","authenticated-orcid":false,"given":"Yi","family":"Liu","sequence":"additional","affiliation":[{"name":"University of Massachusetts Dartmouth, Dartmouth, Massachusetts, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,4,27]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Chen Jianjun","year":"2018","unstructured":"Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, and Min Yang. 2018. We still Don't Have Secure Cross-Domain Requests: an Empirical Study of CORS. In 27th USENIX Security Symposium (USENIX Security 18). 
Baltimore, USA, 1079--1093."},{"key":"e_1_3_2_1_2_1","unstructured":"Edgescan. 2023. 2023 Vulnerability Statistics Report. https:\/\/www.edgescan.com\/intel-hub\/stats-report"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering (SEKE","author":"Ezenwoye Onyeka","year":"2020","unstructured":"Onyeka Ezenwoye, Yi Liu, and William Patten. 2020. Classifying Common Security Vulnerabilities by Software Type. In Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering (SEKE 2020). Pittsburgh, USA, 61--64."},{"key":"e_1_3_2_1_4_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Franken Gertjan","year":"2023","unstructured":"Gertjan Franken, Tom Van Goethem, Lieven Desmet, and Wouter Joosen. 2023. A Bug's Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs. In 32nd USENIX Security Symposium (USENIX Security 23). Anaheim, USA, 3673--3690."},{"key":"e_1_3_2_1_5_1","unstructured":"Kristi Hines. 2023. History Of ChatGPT: A Timeline Of The Meteoric Rise Of Generative AI Chatbots. https:\/\/www.searchenginejournal.com\/history-of-chatgpt-timeline\/488370\/"},{"key":"e_1_3_2_1_6_1","volume-title":"Recommendations and Java Solution Prototype Based on the SQL DOM. In OWASP Application Security Conference.","author":"Janot Etienne","year":"2008","unstructured":"Etienne Janot and Pavol Zavarsky. 2008. Preventing SQL Injections in Online Applications: Study, Recommendations and Java Solution Prototype Based on the SQL DOM. In OWASP Application Security Conference."},{"key":"e_1_3_2_1_7_1","volume-title":"Assessing the Promise and Pitfalls of ChatGPT for Automated Code Generation. arXiv preprint","author":"Akbar Khan Muhammad Fawad","year":"2023","unstructured":"Muhammad Fawad Akbar Khan, Max Ramsdell, Erik Falor, and Hamid Karimi. 2023. 
Assessing the Promise and Pitfalls of ChatGPT for Automated Code Generation. arXiv preprint (2023). https:\/\/doi.org\/arXiv:2311.02640"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833637"},{"key":"e_1_3_2_1_9_1","volume-title":"How Secure is Code Generated by ChatGPT? arXiv preprint arXiv:2304.09655","author":"Khoury Rapha\u00ebl","year":"2023","unstructured":"Rapha\u00ebl Khoury, Anderson R Avila, Jacob Brunelle, and Baba Mamadou Camara. 2023. How Secure is Code Generated by ChatGPT? arXiv preprint arXiv:2304.09655 (2023)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2960449"},{"key":"e_1_3_2_1_11_1","unstructured":"MITRE. 2006--2023. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. https:\/\/cwe.mitre.org\/data\/definitions\/200.html"},{"key":"e_1_3_2_1_12_1","unstructured":"MITRE. 2006--2023. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). https:\/\/cwe.mitre.org\/data\/definitions\/79.html"},{"key":"e_1_3_2_1_13_1","unstructured":"MITRE. 2006--2023. CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). https:\/\/cwe.mitre.org\/data\/definitions\/89.html"},{"key":"e_1_3_2_1_14_1","unstructured":"MITRE. 2006--2023. CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection'). https:\/\/cwe.mitre.org\/data\/definitions\/93.html"},{"key":"e_1_3_2_1_15_1","volume-title":"Generating Secure Hardware Using ChatGPT Resistant to CWEs. Cryptology ePrint Archive","author":"Nair Madhav","year":"2023","unstructured":"Madhav Nair, Rajat Sadhukhan, and Debdeep Mukhopadhyay. 2023. Generating Secure Hardware Using ChatGPT Resistant to CWEs. Cryptology ePrint Archive (2023). https:\/\/eprint.iacr.org\/2023\/212.pdf"},{"key":"e_1_3_2_1_16_1","first-page":"2017","article-title":"OWASP Top Ten 2017","volume":"3","author":"OWASP.","year":"2017","unstructured":"OWASP. 2017. 
OWASP Top Ten 2017: OWASP A3:2017-Sensitive Data Exposure. https:\/\/owasp.org\/www-project-top-ten\/2017\/A3_2017-Sensitive_Data_Exposure","journal-title":"OWASP"},{"key":"e_1_3_2_1_17_1","unstructured":"OWASP. 2021. OWASP Top 10 A01:2021 - Broken Access Control. https:\/\/owasp.org\/Top10\/A01_2021-Broken_Access_Control\/"},{"key":"e_1_3_2_1_18_1","unstructured":"OWASP. 2021. OWASP Top 10 A03:2021 - Injection. https:\/\/owasp.org\/Top10\/A03_2021-Injection\/"},{"key":"e_1_3_2_1_19_1","unstructured":"OWASP. 2021. OWASP Top Ten Web Application Security Risks. https:\/\/owasp.org\/www-project-top-ten\/"},{"key":"e_1_3_2_1_20_1","unstructured":"Veracode. 2023. State of Software Security 2023: Annual Report on the State of Application Security. https:\/\/www.veracode.com\/state-of-software-security-report"},{"key":"e_1_3_2_1_21_1","unstructured":"Wallarm. 2022. CRLF Injection Attack: Examples and Prevention. https:\/\/www.wallarm.com\/what\/crlf-injection-attack"},{"key":"e_1_3_2_1_22_1","volume-title":"Preventing SQL Injection Attacks in Stored Procedures. In Australian Software Engineering Conference (ASWEC'06)","author":"Wei Kei","year":"2006","unstructured":"Kei Wei, Muthusrinivasan Muthuprasanna, and Suraj Kothari. 2006. Preventing SQL Injection Attacks in Stored Procedures. In Australian Software Engineering Conference (ASWEC'06). IEEE, Sydney, Australia."},{"key":"e_1_3_2_1_23_1","volume-title":"Refactoring, Requirements Elicitation, and Software Design. arXiv preprint arXiv:2303.07839","author":"White Jules","year":"2023","unstructured":"Jules White, Sam Hays, Quchen Fu, Jesse Spencer-Smith, and Douglas C Schmidt. 2023. ChatGPT Prompt Patterns for Improving Code Quality, Refactoring, Requirements Elicitation, and Software Design. 
arXiv preprint arXiv:2303.07839 (2023)."}],"event":{"name":"ACM SE '24: 2024 ACM Southeast Conference","location":"Marietta GA USA","acronym":"ACM SE '24","sponsor":["ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 2024 ACM Southeast Conference on ZZZ"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603287.3651194","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3603287.3651194","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T17:06:30Z","timestamp":1756487190000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603287.3651194"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,18]]},"references-count":23,"alternative-id":["10.1145\/3603287.3651194","10.1145\/3603287"],"URL":"https:\/\/doi.org\/10.1145\/3603287.3651194","relation":{},"subject":[],"published":{"date-parts":[[2024,4,18]]},"assertion":[{"value":"2024-04-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}