{"id":"https://openalex.org/W3016805420","doi":"https://doi.org/10.1080/19393555.2020.1740839","title":"A survey and classification of XML based attacks on web applications","display_name":"A survey and classification of XML based attacks on web applications","publication_year":2020,"publication_date":"2020-04-12","ids":{"openalex":"https://openalex.org/W3016805420","doi":"https://doi.org/10.1080/19393555.2020.1740839","mag":"3016805420"},"language":"en","primary_location":{"id":"doi:10.1080/19393555.2020.1740839","is_oa":false,"landing_page_url":"https://doi.org/10.1080/19393555.2020.1740839","pdf_url":null,"source":{"id":"https://openalex.org/S39280739","display_name":"Information Security Journal A Global Perspective","issn_l":"1939-3547","issn":["1939-3547","1939-3555"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Security Journal: A Global Perspective","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050175775","display_name":"Charu Gupta","orcid":"https://orcid.org/0000-0001-9169-5108"},"institutions":[{"id":"https://openalex.org/I4210143260","display_name":"Indira Gandhi Delhi Technical University for Women","ror":"https://ror.org/057c5p638","country_code":"IN","type":"education","lineage":["https://openalex.org/I4210143260"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Charu Gupta","raw_affiliation_strings":["Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi, India"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi, India","institution_ids":["https://openalex.org/I4210143260"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014993324","display_name":"R. K. Singh","orcid":"https://orcid.org/0000-0001-8729-2293"},"institutions":[{"id":"https://openalex.org/I4210143260","display_name":"Indira Gandhi Delhi Technical University for Women","ror":"https://ror.org/057c5p638","country_code":"IN","type":"education","lineage":["https://openalex.org/I4210143260"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Rakesh Kumar Singh","raw_affiliation_strings":["Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi, India"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi, India","institution_ids":["https://openalex.org/I4210143260"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021107821","display_name":"Amar Kumar Mohapatra","orcid":"https://orcid.org/0000-0002-8025-6879"},"institutions":[{"id":"https://openalex.org/I4210143260","display_name":"Indira Gandhi Delhi Technical University for Women","ror":"https://ror.org/057c5p638","country_code":"IN","type":"education","lineage":["https://openalex.org/I4210143260"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Amar Kumar Mohapatra","raw_affiliation_strings":["Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi, India"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Indira Gandhi Delhi Technical University for Women, Delhi, India","institution_ids":["https://openalex.org/I4210143260"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5050175775"],"corresponding_institution_ids":["https://openalex.org/I4210143260"],"apc_list":null,"apc_paid":null,"fwci":2.9359,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.92536295,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"29","issue":"4","first_page":"183","last_page":"198"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8220275640487671},{"id":"https://openalex.org/keywords/xml-signature","display_name":"XML Signature","score":0.6772026419639587},{"id":"https://openalex.org/keywords/efficient-xml-interchange","display_name":"Efficient XML Interchange","score":0.575364351272583},{"id":"https://openalex.org/keywords/xml","display_name":"XML","score":0.5477067232131958},{"id":"https://openalex.org/keywords/xml-validation","display_name":"XML validation","score":0.5377810597419739},{"id":"https://openalex.org/keywords/xml-schema-editor","display_name":"XML Schema Editor","score":0.5277565121650696},{"id":"https://openalex.org/keywords/xml-encryption","display_name":"XML Encryption","score":0.5071759223937988},{"id":"https://openalex.org/keywords/streaming-xml","display_name":"Streaming XML","score":0.4885760247707367},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4555160105228424},{"id":"https://openalex.org/keywords/xml-database","display_name":"XML database","score":0.4321656823158264},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43173277378082275},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3731541335582733}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8220275640487671},{"id":"https://openalex.org/C34330436","wikidata":"https://www.wikidata.org/wiki/Q979532","display_name":"XML Signature","level":4,"score":0.6772026419639587},{"id":"https://openalex.org/C11508877","wikidata":"https://www.wikidata.org/wiki/Q1124477","display_name":"Efficient XML Interchange","level":3,"score":0.575364351272583},{"id":"https://openalex.org/C8797682","wikidata":"https://www.wikidata.org/wiki/Q2115","display_name":"XML","level":2,"score":0.5477067232131958},{"id":"https://openalex.org/C55348073","wikidata":"https://www.wikidata.org/wiki/Q595926","display_name":"XML validation","level":3,"score":0.5377810597419739},{"id":"https://openalex.org/C34716815","wikidata":"https://www.wikidata.org/wiki/Q8042322","display_name":"XML Schema Editor","level":3,"score":0.5277565121650696},{"id":"https://openalex.org/C173242113","wikidata":"https://www.wikidata.org/wiki/Q607488","display_name":"XML Encryption","level":4,"score":0.5071759223937988},{"id":"https://openalex.org/C44883583","wikidata":"https://www.wikidata.org/wiki/Q7622687","display_name":"Streaming XML","level":3,"score":0.4885760247707367},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4555160105228424},{"id":"https://openalex.org/C183068750","wikidata":"https://www.wikidata.org/wiki/Q357393","display_name":"XML database","level":3,"score":0.4321656823158264},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43173277378082275},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3731541335582733}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1080/19393555.2020.1740839","is_oa":false,"landing_page_url":"https://doi.org/10.1080/19393555.2020.1740839","pdf_url":null,"source":{"id":"https://openalex.org/S39280739","display_name":"Information Security Journal A Global Perspective","issn_l":"1939-3547","issn":["1939-3547","1939-3555"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Security Journal: A Global Perspective","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1537258151","https://openalex.org/W1990818816","https://openalex.org/W2060682131","https://openalex.org/W2098007390","https://openalex.org/W2346870115","https://openalex.org/W2470530050","https://openalex.org/W2512888504","https://openalex.org/W2513642240","https://openalex.org/W2772008372","https://openalex.org/W2899160935","https://openalex.org/W2899839931","https://openalex.org/W2902948201","https://openalex.org/W4251569978"],"related_works":["https://openalex.org/W2536894089","https://openalex.org/W2357844625","https://openalex.org/W2154945712","https://openalex.org/W2106024890","https://openalex.org/W200734095","https://openalex.org/W1489679176","https://openalex.org/W2387469870","https://openalex.org/W1967615779","https://openalex.org/W200491402","https://openalex.org/W2117064692"],"abstract_inverted_index":{"XML":[0,10,14,37,60,98,121],"based":[1,38,122,124],"attacks":[2,39],"are":[3,105,135],"executed":[4],"in":[5,43,51,85],"web":[6,143],"applications":[7],"through":[8],"crafted":[9],"document":[11,61],"that":[12,149],"forces":[13],"parser":[15],"to":[16,22,65,69,107,131],"process":[17],"un-validated":[18],"documents.":[19],"This":[20],"leads":[21],"disclosure":[23],"of":[24,32,48,54,90,97,120],"sensitive":[25],"information,":[26],"malicious":[27],"code":[28],"execution":[29],"and":[30,67,100],"disruption":[31],"services.":[33],"OWASP":[34],"has":[35],"included":[36],"at":[40],"number":[41,96],"four":[42],"its":[44],"top":[45],"10":[46],"list":[47],"vulnerabilities":[49,56,80,99,123,134],"published":[50],"2017.":[52],"Most":[53],"the":[55,59,75,86,91,114,142],"reported":[57,84],"using":[58],"range":[62],"from":[63],"high":[64],"critical":[66],"require":[68],"be":[70],"addressed":[71],"immediately.":[72],"As":[73],"per":[74],"National":[76],"Vulnerability":[77],"Database,":[78],"152":[79],"have":[81,116],"already":[82],"been":[83],"first":[87],"five":[88],"months":[89],"year":[92],"2019.":[93],"A":[94],"varied":[95],"their":[101],"classification":[102,119],"exist":[103],"but":[104],"limited":[106],"a":[108,118],"specific":[109],"vulnerability.":[110],"In":[111],"this":[112],"paper,":[113],"authors":[115],"proposed":[117],"on":[125],"exhaustive":[126],"literature":[127],"survey.":[128],"The":[129,138],"approach/strategies":[130],"mitigate":[132],"these":[133],"also":[136],"presented.":[137],"work":[139],"will":[140,150],"help":[141],"developers":[144],"for":[145],"proposing":[146],"secure":[147],"parsers":[148],"thwart":[151],"such":[152],"attacks.":[153]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}