{"id":"https://openalex.org/W3183235808","doi":"https://doi.org/10.1109/eit51626.2021.9491919","title":"Towards Tackling Common Web Application Vulnerabilities Using Secure Design Patterns","display_name":"Towards Tackling Common Web Application Vulnerabilities Using Secure Design Patterns","publication_year":2021,"publication_date":"2021-05-14","ids":{"openalex":"https://openalex.org/W3183235808","doi":"https://doi.org/10.1109/eit51626.2021.9491919","mag":"3183235808"},"language":"en","primary_location":{"id":"doi:10.1109/eit51626.2021.9491919","is_oa":false,"landing_page_url":"https://doi.org/10.1109/eit51626.2021.9491919","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Electro Information Technology (EIT)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005963223","display_name":"Alok Chandrakant Ratnaparkhi","orcid":null},"institutions":[{"id":"https://openalex.org/I100633361","display_name":"University of Massachusetts Dartmouth","ror":"https://ror.org/00fzmm222","country_code":"US","type":"education","lineage":["https://openalex.org/I100633361"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alok Chandrakant Ratnaparkhi","raw_affiliation_strings":["University of Massachusetts Dartmouth, Dartmouth, U.S.A"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Massachusetts Dartmouth, Dartmouth, U.S.A","institution_ids":["https://openalex.org/I100633361"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100330500","display_name":"Yi Liu","orcid":"https://orcid.org/0000-0002-1571-5442"},"institutions":[{"id":"https://openalex.org/I100633361","display_name":"University of Massachusetts Dartmouth","ror":"https://ror.org/00fzmm222","country_code":"US","type":"education","lineage":["https://openalex.org/I100633361"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yi Liu","raw_affiliation_strings":["University of Massachusetts Dartmouth, Dartmouth, U.S.A"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Massachusetts Dartmouth, Dartmouth, U.S.A","institution_ids":["https://openalex.org/I100633361"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I100633361"],"apc_list":null,"apc_paid":null,"fwci":1.4227,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.85557952,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7607162594795227},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.550325334072113},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45519009232521057},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.4205421805381775},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.41573601961135864},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.4132269322872162},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.34312570095062256},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2883591055870056},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.17879286408424377},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1362052857875824},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.12351563572883606}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7607162594795227},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.550325334072113},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45519009232521057},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.4205421805381775},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.41573601961135864},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.4132269322872162},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.34312570095062256},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2883591055870056},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.17879286408424377},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1362052857875824},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.12351563572883606},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/eit51626.2021.9491919","is_oa":false,"landing_page_url":"https://doi.org/10.1109/eit51626.2021.9491919","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Electro Information Technology (EIT)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W23242426","https://openalex.org/W79503960","https://openalex.org/W652748195","https://openalex.org/W1514888816","https://openalex.org/W1649645444","https://openalex.org/W1975655947","https://openalex.org/W2083241531","https://openalex.org/W2134521102","https://openalex.org/W2252272901","https://openalex.org/W2981809210","https://openalex.org/W2994922757","https://openalex.org/W2995965185","https://openalex.org/W3014227591","https://openalex.org/W3023420531","https://openalex.org/W3082251832","https://openalex.org/W6600897621","https://openalex.org/W6679960114","https://openalex.org/W6781990487"],"related_works":["https://openalex.org/W2070218579","https://openalex.org/W4385706035","https://openalex.org/W4238821156","https://openalex.org/W4319431564","https://openalex.org/W1527553591","https://openalex.org/W4256450364","https://openalex.org/W2276761883","https://openalex.org/W189846524","https://openalex.org/W2547817202","https://openalex.org/W2521071348"],"abstract_inverted_index":{"Many":[0],"software":[1,10],"vulnerabilities":[2,18,39,138],"originate":[3],"during":[4],"the":[5,9,20,41,45,103,106,117,121,136,140,144,152],"design":[6,14,21,56,67],"stage":[7],"of":[8,105,146],"development":[11],"process.":[12],"Secure":[13],"patterns":[15,47,68],"can":[16,124],"address":[17,126],"in":[19,109,139],"level.":[22],"However,":[23],"few":[24],"solid":[25],"research":[26],"studies":[27],"have":[28],"been":[29],"done":[30],"on":[31,80,143],"applying":[32],"secure":[33,66],"pat-terns":[34],"to":[35,52,69,101,156],"tackle":[36,70],"web":[37,71,84],"application":[38,72,85],"and":[40,90,128,133],"researchers":[42],"found":[43],"that":[44,120,151],"security":[46],"are":[48,135],"harder":[49],"for":[50,63],"developers":[51],"use":[53],"than":[54],"conventional":[55],"patterns.":[57],"This":[58],"paper":[59,95],"presents":[60],"an":[61],"approach":[62,153],"selecting":[64],"appropriate":[65],"vulnerabilities.":[73,130],"In":[74],"this":[75,147],"pilot":[76],"study,":[77,148],"we":[78,149],"focus":[79],"two":[81],"most":[82],"common":[83],"vulnerabilities:":[86],"SQL":[87],"injection":[88],"(SQLi)":[89],"Cross-site":[91],"scripting":[92],"(XSS).":[93],"The":[94,114],"also":[96],"uses":[97],"a":[98,111],"case":[99],"study":[100],"demonstrate":[102],"implementation":[104],"chosen":[107],"pattern":[108,123],"redesigning":[110],"vulnerable":[112],"application.":[113],"results":[115],"from":[116],"evaluation":[118],"show":[119],"proposed":[122],"effectively":[125],"SQLi":[127,132],"XSS":[129,134],"Although":[131],"targeted":[137],"approach,":[141],"based":[142],"success":[145],"believe":[150],"is":[154],"promising":[155],"be":[157],"applied":[158],"more":[159],"generally.":[160]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2022,"cited_by_count":2}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}
