{"id":"https://openalex.org/W2896978535","doi":"https://doi.org/10.1109/iscisc.2017.8488361","title":"WAVE: Black Box Detection of XSS, CSRF and Information Leakage Vulnerabilities","display_name":"WAVE: Black Box Detection of XSS, CSRF and Information Leakage Vulnerabilities","publication_year":2017,"publication_date":"2017-09-01","ids":{"openalex":"https://openalex.org/W2896978535","doi":"https://doi.org/10.1109/iscisc.2017.8488361","mag":"2896978535"},"language":"en","primary_location":{"id":"doi:10.1109/iscisc.2017.8488361","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc.2017.8488361","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050492789","display_name":"Hamed Soleimani","orcid":"https://orcid.org/0000-0002-9106-8291"},"institutions":[{"id":"https://openalex.org/I78323350","display_name":"Malek Ashtar University of Technology","ror":"https://ror.org/0043ezw98","country_code":"IR","type":"education","lineage":["https://openalex.org/I78323350"]}],"countries":["IR"],"is_corresponding":true,"raw_author_name":"Hamed Soleimani","raw_affiliation_strings":["Institute for Research on Information and Communications Security, Malek-e-Ashtar University of Technology, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"Institute for Research on Information and Communications Security, Malek-e-Ashtar University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I78323350"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028748396","display_name":"Mohmmad Ali Hadavi","orcid":null},"institutions":[{"id":"https://openalex.org/I78323350","display_name":"Malek Ashtar University of Technology","ror":"https://ror.org/0043ezw98","country_code":"IR","type":"education","lineage":["https://openalex.org/I78323350"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Mohmmad Ali Hadavi","raw_affiliation_strings":["Institute for Research on Information and Communications Security, Malek-e-Ashtar University of Technology, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"Institute for Research on Information and Communications Security, Malek-e-Ashtar University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I78323350"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026383400","display_name":"Arash Bagherdaei","orcid":null},"institutions":[{"id":"https://openalex.org/I78323350","display_name":"Malek Ashtar University of Technology","ror":"https://ror.org/0043ezw98","country_code":"IR","type":"education","lineage":["https://openalex.org/I78323350"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Arash Bagherdaei","raw_affiliation_strings":["Institute for Research on Information and Communications Security, Malek-e-Ashtar University of Technology, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"Institute for Research on Information and Communications Security, Malek-e-Ashtar University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I78323350"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5050492789"],"corresponding_institution_ids":["https://openalex.org/I78323350"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.35456441,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"19","last_page":"24"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9674768447875977},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8294435739517212},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6849367618560791},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.6834852695465088},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5395052433013916},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.519108772277832},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.466645747423172},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4656658172607422},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4264181852340698},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.38183435797691345},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.3598877489566803},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3579249083995819},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.16407635807991028},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.14638394117355347},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09848642349243164},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.08871027827262878}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9674768447875977},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8294435739517212},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6849367618560791},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.6834852695465088},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5395052433013916},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.519108772277832},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.466645747423172},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4656658172607422},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4264181852340698},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.38183435797691345},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.3598877489566803},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3579249083995819},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.16407635807991028},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.14638394117355347},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09848642349243164},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.08871027827262878}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscisc.2017.8488361","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc.2017.8488361","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.47999998927116394,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1530467221","https://openalex.org/W1983801562","https://openalex.org/W2049123707","https://openalex.org/W2096409818","https://openalex.org/W2102457045","https://openalex.org/W2149801502","https://openalex.org/W2153106208","https://openalex.org/W2181379919","https://openalex.org/W2288652276","https://openalex.org/W2587882513","https://openalex.org/W4285719527","https://openalex.org/W6631486407","https://openalex.org/W6685865359"],"related_works":["https://openalex.org/W2548409577","https://openalex.org/W1531015913","https://openalex.org/W2997044556","https://openalex.org/W3180404666","https://openalex.org/W2407701912","https://openalex.org/W1484631816","https://openalex.org/W2167752994","https://openalex.org/W2907218437","https://openalex.org/W2181766705","https://openalex.org/W2295858576"],"abstract_inverted_index":{"In":[0,116],"this":[1],"paper":[2],"we":[3,83,102,118],"propose":[4],"a":[5,38,146,161],"black-box":[6],"method":[7,142],"to":[8,27,52,61,78,96,110,130],"detect":[9],"web":[10,92,175],"application":[11,93],"vulnerabilities":[12,70,127],"including":[13],"XSS,":[14],"CSRF":[15,114],"and":[16,42,113],"information":[17,75,86],"leakage,":[18],"for":[19,171],"which":[20],"existing":[21],"vulnerability":[22,138],"scanners":[23],"have":[24],"little":[25],"power":[26],"detect.":[28],"Cross":[29,43],"Site":[30,44],"Scripting":[31],"(XSS)":[32],"involves":[33],"echoing":[34],"attacker-supplied":[35],"code":[36],"into":[37],"user's":[39,50],"browser":[40,51],"instance,":[41],"Request":[45],"Forgery":[46],"(CSRF)":[47],"forces":[48],"the":[49,65,91,104,122,125,131,134,137],"request":[53],"actions":[54],"without":[55],"user":[56],"awareness.":[57],"Information":[58],"flow":[59,87,135],"due":[60],"client-server":[62],"interactions":[63],"is":[64,143,180],"root":[66],"cause":[67],"of":[68,74,90,124,133,164,174],"these":[69],"as":[71,73,136,145],"well":[72],"leakage.":[76],"According":[77],"this,":[79],"in":[80],"our":[81],"method,":[82],"first":[84],"analyze":[85],"between":[88],"users":[89],"under":[94],"evaluation":[95,155],"extract":[97],"potentially":[98],"vulnerable":[99],"flows.":[100],"Then,":[101],"examine":[103],"flows":[105],"by":[106],"sending":[107],"special":[108],"requests":[109],"discover":[111],"XSS":[112],"vulnerabilities.":[115],"addition,":[117],"qualitatively":[119],"discuss":[120],"on":[121],"risk":[123],"discovered":[126],"with":[128],"respect":[129],"analysis":[132,173,179],"origin.":[139],"The":[140,154],"proposed":[141],"implemented":[144],"Web":[147],"Application":[148],"Vulnerability":[149],"dEtection":[150],"tool,":[151],"called":[152],"\"WAVE\".":[153],"results":[156],"show":[157],"that":[158],"WAVE,":[159],"having":[160],"low":[162],"rate":[163],"false":[165],"negative,":[166],"can":[167],"be":[168],"reliably":[169],"used":[170],"security":[172],"applications":[176],"when":[177],"static":[178],"not":[181],"possible.":[182]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}