{"id":"https://openalex.org/W4242704962","doi":"https://doi.org/10.1109/icse.2013.6606611","title":"Path sensitive static analysis of web applications for remote code execution vulnerability detection","display_name":"Path sensitive static analysis of web applications for remote code execution vulnerability detection","publication_year":2013,"publication_date":"2013-05-01","ids":{"openalex":"https://openalex.org/W4242704962","doi":"https://doi.org/10.1109/icse.2013.6606611"},"language":"en","primary_location":{"id":"doi:10.1109/icse.2013.6606611","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse.2013.6606611","pdf_url":null,"source":{"id":"https://openalex.org/S4363607951","display_name":"2013 35th International Conference on Software Engineering (ICSE)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 35th International Conference on Software Engineering (ICSE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039824895","display_name":"Yunhui Zheng","orcid":"https://orcid.org/0000-0002-6794-3199"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yunhui Zheng","raw_affiliation_strings":["Department of Computer Science, Purdue University, West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100362457","display_name":"Xiangyu Zhang","orcid":"https://orcid.org/0000-0002-5273-4765"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiangyu Zhang","raw_affiliation_strings":["Department of Computer Science, Purdue University, West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.9378,"has_fulltext":false,"cited_by_count":58,"citation_normalized_percentile":{"value":0.95740466,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"652","last_page":"661"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9558014869689941},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.868874728679657},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7556447386741638},{"id":"https://openalex.org/keywords/string","display_name":"String (physics)","score":0.6837161183357239},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.5631837248802185},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5604143142700195},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5461633205413818},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5408625602722168},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5360368490219116},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5071849822998047},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.48043012619018555},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.43163707852363586},{"id":"https://openalex.org/keywords/server-side","display_name":"Server-side","score":0.43038511276245117},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4301999509334564},{"id":"https://openalex.org/keywords/client-side","display_name":"Client-side","score":0.42070603370666504},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.3623260259628296},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.35974034667015076},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2763713598251343},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.2697122097015381},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.23292607069015503},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.12057575583457947},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.08038687705993652}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9558014869689941},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.868874728679657},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7556447386741638},{"id":"https://openalex.org/C157486923","wikidata":"https://www.wikidata.org/wiki/Q1376436","display_name":"String (physics)","level":2,"score":0.6837161183357239},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.5631837248802185},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5604143142700195},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5461633205413818},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5408625602722168},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5360368490219116},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5071849822998047},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.48043012619018555},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.43163707852363586},{"id":"https://openalex.org/C14414571","wikidata":"https://www.wikidata.org/wiki/Q519081","display_name":"Server-side","level":2,"score":0.43038511276245117},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4301999509334564},{"id":"https://openalex.org/C202477664","wikidata":"https://www.wikidata.org/wiki/Q1352449","display_name":"Client-side","level":2,"score":0.42070603370666504},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.3623260259628296},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.35974034667015076},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2763713598251343},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.2697122097015381},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.23292607069015503},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.12057575583457947},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.08038687705993652},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icse.2013.6606611","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse.2013.6606611","pdf_url":null,"source":{"id":"https://openalex.org/S4363607951","display_name":"2013 35th International Conference on Software Engineering (ICSE)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 35th International Conference on Software Engineering (ICSE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W1492437080","https://openalex.org/W1543478129","https://openalex.org/W1834251436","https://openalex.org/W1980694458","https://openalex.org/W2007842496","https://openalex.org/W2008158744","https://openalex.org/W2035096212","https://openalex.org/W2049214202","https://openalex.org/W2050853996","https://openalex.org/W2062814932","https://openalex.org/W2088018315","https://openalex.org/W2094568767","https://openalex.org/W2103714221","https://openalex.org/W2104661281","https://openalex.org/W2110318050","https://openalex.org/W2117402063","https://openalex.org/W2122141789","https://openalex.org/W2124377830","https://openalex.org/W2125357166","https://openalex.org/W2129538349","https://openalex.org/W2138124253","https://openalex.org/W2147656091","https://openalex.org/W2151619740","https://openalex.org/W2166822586","https://openalex.org/W2170920217","https://openalex.org/W2404990348","https://openalex.org/W3139690144","https://openalex.org/W3142781658","https://openalex.org/W4242157899","https://openalex.org/W4243090054","https://openalex.org/W6632184740","https://openalex.org/W6638655898","https://openalex.org/W6679495168","https://openalex.org/W6713697576"],"related_works":["https://openalex.org/W2571973613","https://openalex.org/W2609132699","https://openalex.org/W3197726148","https://openalex.org/W2104452318","https://openalex.org/W2024474165","https://openalex.org/W2743909715","https://openalex.org/W2148211687","https://openalex.org/W2799662300","https://openalex.org/W2541278968","https://openalex.org/W4313523259"],"abstract_inverted_index":{"Remote":[0],"code":[1],"execution":[2,66],"(RCE)":[3],"attacks":[4,39],"are":[5],"one":[6],"of":[7,21,43,48,90,98],"the":[8,54,59,69,93,110],"most":[9],"prominent":[10],"security":[11],"threats":[12],"for":[13],"web":[14,100],"applications.":[15,130],"It":[16,107],"is":[17],"a":[18,74,87,99,103,120],"special":[19],"kind":[20],"cross-site-scripting":[22],"(XSS)":[23],"attack":[24],"that":[25],"allows":[26],"client":[27,55],"inputs":[28,52],"to":[29,57,80],"be":[30],"stored":[31],"and":[32,46,50,63,76,95,123],"executed":[33],"as":[34],"server":[35,70],"side":[36,56],"scripts.":[37],"RCE":[38,82,116,136],"often":[40],"require":[41],"coordination":[42],"multiple":[44],"requests":[45],"manipulation":[47],"string":[49,94],"non-string":[51,96],"from":[53],"nullify":[58],"access":[60],"control":[61],"protocol":[62],"induce":[64],"unusual":[65],"paths":[67],"on":[68,126],"side.":[71],"We":[72,118,131],"propose":[73],"path-":[75],"context-sensitive":[77],"interprocedural":[78],"analysis":[79,85],"detect":[81],"vulnerabilities.":[83],"The":[84],"features":[86],"novel":[88],"way":[89],"analyzing":[91],"both":[92],"behavior":[97],"application":[101],"in":[102],"path":[104],"sensitive":[105],"fashion.":[106],"thoroughly":[108],"handles":[109],"practical":[111],"challenges":[112],"entailed":[113],"by":[114],"modeling":[115],"attacks.":[117],"develop":[119],"prototype":[121],"system":[122],"evaluate":[124],"it":[125],"ten":[127],"real-world":[128],"PHP":[129],"have":[132],"identified":[133],"21":[134],"true":[135],"vulnerabilities,":[137],"with":[138],"8":[139],"unreported":[140],"before.":[141]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":5},{"year":2014,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}