{"id":"https://openalex.org/W2288652276","doi":"https://doi.org/10.1109/icitst.2015.7412085","title":"Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities","display_name":"Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities","publication_year":2015,"publication_date":"2015-12-01","ids":{"openalex":"https://openalex.org/W2288652276","doi":"https://doi.org/10.1109/icitst.2015.7412085","mag":"2288652276"},"language":"en","primary_location":{"id":"doi:10.1109/icitst.2015.7412085","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icitst.2015.7412085","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012501238","display_name":"Muhammad Parvez","orcid":null},"institutions":[{"id":"https://openalex.org/I131564278","display_name":"Concordia University of Edmonton","ror":"https://ror.org/04013rx15","country_code":"CA","type":"education","lineage":["https://openalex.org/I131564278"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Muhammad Parvez","raw_affiliation_strings":["Information System Security Management Concordia University of Edmonton, Edmonton, Alberta, Canada"],"affiliations":[{"raw_affiliation_string":"Information System Security Management Concordia University of Edmonton, Edmonton, Alberta, Canada","institution_ids":["https://openalex.org/I131564278"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079319898","display_name":"Pavol Zavarsky","orcid":null},"institutions":[{"id":"https://openalex.org/I131564278","display_name":"Concordia University of Edmonton","ror":"https://ror.org/04013rx15","country_code":"CA","type":"education","lineage":["https://openalex.org/I131564278"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Pavol Zavarsky","raw_affiliation_strings":["Information System Security Management Concordia University of Edmonton, Edmonton, Alberta, Canada"],"affiliations":[{"raw_affiliation_string":"Information System Security Management Concordia University of Edmonton, Edmonton, Alberta, Canada","institution_ids":["https://openalex.org/I131564278"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027119543","display_name":"Nidal Khoury","orcid":null},"institutions":[{"id":"https://openalex.org/I4210113654","display_name":"IBM (Canada)","ror":"https://ror.org/025sxka56","country_code":"CA","type":"company","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210113654"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Nidal Khoury","raw_affiliation_strings":["IBM Canada, Toronto, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"IBM Canada, Toronto, Ontario, Canada","institution_ids":["https://openalex.org/I4210113654"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5012501238"],"corresponding_institution_ids":["https://openalex.org/I131564278"],"apc_list":null,"apc_paid":null,"fwci":3.973,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.94366999,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"186","last_page":"191"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9890000224113464,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9528999924659729,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9799817800521851},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.908537745475769},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8154698014259338},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.6306778192520142},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.581362247467041},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.5076225996017456},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.4368683695793152},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3333171308040619},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32468798756599426},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2405722439289093},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.19597938656806946},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.1846480369567871},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1415165662765503},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.05583846569061279}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9799817800521851},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.908537745475769},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8154698014259338},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.6306778192520142},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.581362247467041},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.5076225996017456},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.4368683695793152},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3333171308040619},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32468798756599426},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2405722439289093},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.19597938656806946},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.1846480369567871},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1415165662765503},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.05583846569061279},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icitst.2015.7412085","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icitst.2015.7412085","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1489243061","https://openalex.org/W1530467221","https://openalex.org/W1979931683","https://openalex.org/W2066237335","https://openalex.org/W2545525312","https://openalex.org/W6666856713"],"related_works":["https://openalex.org/W4312406950","https://openalex.org/W3188339517","https://openalex.org/W2611747598","https://openalex.org/W2549898710","https://openalex.org/W2166381878","https://openalex.org/W2955734438","https://openalex.org/W4256450364","https://openalex.org/W4385706035","https://openalex.org/W4238821156","https://openalex.org/W189846524"],"abstract_inverted_index":{"Stored":[0,5],"SQL":[1],"injection":[2],"(SQLI)":[3],"and":[4,44,57,76,93,110,139],"Cross":[6],"Site":[7],"Scripting":[8],"(XSS)":[9],"are":[10,67],"the":[11,42,64,86,117,122],"top":[12],"most":[13],"critical":[14],"web":[15,50],"application":[16,51],"vulnerabilities":[17],"in":[18,32,71,106,135],"present":[19],"time.":[20],"Previous":[21],"researches":[22],"have":[23,28],"shown":[24],"that":[25,63,99,129],"black-box":[26,49],"scanners":[27,53,66,102,134],"relatively":[29],"poor":[30],"performance":[31,43,70,120,132],"detecting":[33,107,136],"these":[34],"two":[35],"vulnerabilities.":[36,113,142],"In":[37,114],"this":[38],"paper,":[39],"we":[40],"analyze":[41],"detection":[45,72],"capabilities":[46,88],"of":[47,73,119,127,133],"latest":[48],"security":[52],"against":[54],"stored":[55,58,74,77,91,94,108,111,137,140],"SQLI":[56,75,92,109,138],"XSS.":[59,78,95],"Our":[60,96],"analysis":[61,97],"shows":[62],"recent":[65],"showing":[68],"improved":[69],"We":[79],"developed":[80],"our":[81],"custom":[82],"test-bed":[83],"to":[84,89,116],"challenge":[85],"scanners'":[87],"detect":[90],"revealed":[98],"black":[100],"box":[101],"still":[103],"need":[104],"improvements":[105],"XSS":[112,141],"addition":[115],"results":[118],"tests,":[121],"paper":[123],"provides":[124],"a":[125],"set":[126],"recommendations":[128],"could":[130],"enhance":[131]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}