{"id":"https://openalex.org/W3012365826","doi":"https://doi.org/10.1007/s11219-019-09469-y","title":"Planning-based security testing of web applications with attack grammars","display_name":"Planning-based security testing of web applications with attack grammars","publication_year":2020,"publication_date":"2020-03-01","ids":{"openalex":"https://openalex.org/W3012365826","doi":"https://doi.org/10.1007/s11219-019-09469-y","mag":"3012365826"},"language":"en","primary_location":{"id":"doi:10.1007/s11219-019-09469-y","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11219-019-09469-y","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11219-019-09469-y.pdf","source":{"id":"https://openalex.org/S7504070","display_name":"Software Quality Journal","issn_l":"0963-9314","issn":["0963-9314","1573-1367"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Software Quality Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s11219-019-09469-y.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040492454","display_name":"Josip Bo\u017ei\u0107","orcid":"https://orcid.org/0000-0001-6086-8846"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Josip Bozic","raw_affiliation_strings":["Institute of Software Technology, Graz University of Technology, A-8010, Graz, Austria"],"affiliations":[{"raw_affiliation_string":"Institute of Software Technology, Graz University of Technology, A-8010, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011388533","display_name":"Franz Wotawa","orcid":"https://orcid.org/0000-0002-0462-2283"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Franz Wotawa","raw_affiliation_strings":["Institute of Software Technology, Graz University of Technology, A-8010, Graz, Austria"],"affiliations":[{"raw_affiliation_string":"Institute of Software Technology, Graz University of Technology, A-8010, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5040492454"],"corresponding_institution_ids":["https://openalex.org/I4092182"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":3.6165,"has_fulltext":true,"cited_by_count":15,"citation_normalized_percentile":{"value":0.93932733,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":"28","issue":"1","first_page":"307","last_page":"334"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.686926543712616},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6196839213371277},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5856367349624634},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5759413838386536},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5037047266960144},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4994034767150879},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.47024908661842346},{"id":"https://openalex.org/keywords/model-based-testing","display_name":"Model-based testing","score":0.42142045497894287},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3513150215148926},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.31828874349594116},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3046003580093384},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3028145432472229},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.2733995318412781},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.26154929399490356},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.2614484131336212},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2054673731327057},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.148697167634964},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.14752206206321716}],"concepts":[{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.686926543712616},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6196839213371277},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5856367349624634},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5759413838386536},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5037047266960144},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4994034767150879},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.47024908661842346},{"id":"https://openalex.org/C165825675","wikidata":"https://www.wikidata.org/wiki/Q1399743","display_name":"Model-based testing","level":4,"score":0.42142045497894287},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3513150215148926},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.31828874349594116},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3046003580093384},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3028145432472229},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.2733995318412781},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.26154929399490356},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.2614484131336212},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2054673731327057},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.148697167634964},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.14752206206321716},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s11219-019-09469-y","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11219-019-09469-y","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11219-019-09469-y.pdf","source":{"id":"https://openalex.org/S7504070","display_name":"Software Quality Journal","issn_l":"0963-9314","issn":["0963-9314","1573-1367"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Software Quality Journal","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s11219-019-09469-y","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11219-019-09469-y","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11219-019-09469-y.pdf","source":{"id":"https://openalex.org/S7504070","display_name":"Software Quality Journal","issn_l":"0963-9314","issn":["0963-9314","1573-1367"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Software Quality Journal","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4000000059604645}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3012365826.pdf","grobid_xml":"https://content.openalex.org/works/W3012365826.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W56175857","https://openalex.org/W164068750","https://openalex.org/W197713628","https://openalex.org/W950259339","https://openalex.org/W1122166571","https://openalex.org/W1489183362","https://openalex.org/W1731763842","https://openalex.org/W1925951816","https://openalex.org/W1996788431","https://openalex.org/W2062019474","https://openalex.org/W2065555413","https://openalex.org/W2065948900","https://openalex.org/W2144220405","https://openalex.org/W2144696387","https://openalex.org/W2149801502","https://openalex.org/W2156693129","https://openalex.org/W2156835762","https://openalex.org/W2337392266","https://openalex.org/W2405774806","https://openalex.org/W2498396160","https://openalex.org/W2528809805","https://openalex.org/W2574017551","https://openalex.org/W2575458798","https://openalex.org/W2616205851","https://openalex.org/W2623293810","https://openalex.org/W2744259771","https://openalex.org/W2772097816","https://openalex.org/W2807655027","https://openalex.org/W2809876556","https://openalex.org/W2811453957","https://openalex.org/W2948004622","https://openalex.org/W3021909058","https://openalex.org/W4231824416","https://openalex.org/W4252443823","https://openalex.org/W6629245573","https://openalex.org/W6678087030","https://openalex.org/W6685490120","https://openalex.org/W6763427898"],"related_works":["https://openalex.org/W2155353733","https://openalex.org/W2062583373","https://openalex.org/W1566131087","https://openalex.org/W2126513753","https://openalex.org/W4240401768","https://openalex.org/W2018644264","https://openalex.org/W4360994451","https://openalex.org/W4313307479","https://openalex.org/W2102558121","https://openalex.org/W2104846611"],"abstract_inverted_index":{"Abstract":[0],"Web":[1],"applications":[2,16],"are":[3],"deployed":[4],"on":[5,23,98],"machines":[6],"around":[7],"the":[8,29,58],"globe":[9],"and":[10,36,42,76,110,127,129,155],"offer":[11],"almost":[12],"universal":[13],"accessibility.":[14],"These":[15],"assure":[17],"functional":[18],"interconnectivity":[19],"between":[20],"different":[21,61],"components":[22],"a":[24,122],"24/7":[25],"basis.":[26],"One":[27],"of":[28,60,65,115,125,134],"most":[30],"important":[31],"requirements":[32,44],"is":[33,64],"data":[34],"confidentiality":[35],"secure":[37,152],"authentication.":[38],"However,":[39],"implementation":[40],"flaws":[41],"unfulfilled":[43],"often":[45],"result":[46],"in":[47,68,81,113],"security":[48],"leaks":[49],"that":[50,142],"malicious":[51],"users":[52],"eventually":[53,143],"exploited.":[54],"In":[55,83,94],"this":[56,84],"context,":[57],"application":[59],"testing":[62,102,114,139],"methods":[63],"utmost":[66],"importance":[67],"order":[69],"to":[70,77,88,145],"detect":[71],"software":[72],"defects":[73],"during":[74],"development":[75],"prevent":[78],"unauthorized":[79],"access":[80],"advance.":[82],"paper,":[85],"we":[86,96,104],"contribute":[87],"test":[89],"automation":[90],"for":[91,101],"web":[92,116,153],"applications.":[93,117,156],"particular,":[95],"focus":[97],"using":[99],"planning":[100,119],"where":[103],"introduce":[105],"underlying":[106],"models":[107],"covering":[108],"attacks":[109],"their":[111],"use":[112],"The":[118],"model":[120],"offers":[121],"high":[123],"degree":[124],"extendibility":[126],"configurability":[128],"as":[130],"well":[131],"overcomes":[132],"limits":[133],"traditional":[135],"graphical":[136],"representations.":[137],"New":[138],"possibilities":[140],"emerge":[141],"lead":[144],"better":[146],"vulnerability":[147],"detection,":[148],"therefore":[149],"ensuring":[150],"more":[151],"services":[154]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}