{"id":"https://openalex.org/W4235141498","doi":"https://doi.org/10.1109/iwast.2013.6595794","title":"XSS pattern for attack modeling in testing","display_name":"XSS pattern for attack modeling in testing","publication_year":2013,"publication_date":"2013-05-01","ids":{"openalex":"https://openalex.org/W4235141498","doi":"https://doi.org/10.1109/iwast.2013.6595794"},"language":"en","primary_location":{"id":"doi:10.1109/iwast.2013.6595794","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwast.2013.6595794","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Workshop on Automation of Software Test (AST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040492454","display_name":"Josip Bo\u017ei\u0107","orcid":"https://orcid.org/0000-0001-6086-8846"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Josip Bozic","raw_affiliation_strings":["Institute for Software Technology, Graz University of Technology, Graz, Austria"],"affiliations":[{"raw_affiliation_string":"Institute for Software Technology, Graz University of Technology, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011388533","display_name":"Franz Wotawa","orcid":"https://orcid.org/0000-0002-0462-2283"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Franz Wotawa","raw_affiliation_strings":["Institute for Software Technology, Graz University of Technology, Graz, Austria"],"affiliations":[{"raw_affiliation_string":"Institute for Software Technology, Graz University of Technology, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5040492454"],"corresponding_institution_ids":["https://openalex.org/I4092182"],"apc_list":null,"apc_paid":null,"fwci":8.17221659,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.97243644,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"71","last_page":"74"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8596022129058838},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.7368289232254028},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5438746213912964},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.5331721901893616},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.5326777100563049},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.5084885358810425},{"id":"https://openalex.org/keywords/model-based-testing","display_name":"Model-based testing","score":0.4937337338924408},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.48881837725639343},{"id":"https://openalex.org/keywords/white-box-testing","display_name":"White-box testing","score":0.4643310606479645},{"id":"https://openalex.org/keywords/unified-modeling-language","display_name":"Unified Modeling Language","score":0.43894466757774353},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4166608154773712},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3560042381286621},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.3130488693714142},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.27117854356765747},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2584264874458313},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.16502544283866882},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.14592400193214417}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8596022129058838},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.7368289232254028},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5438746213912964},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.5331721901893616},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.5326777100563049},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.5084885358810425},{"id":"https://openalex.org/C165825675","wikidata":"https://www.wikidata.org/wiki/Q1399743","display_name":"Model-based testing","level":4,"score":0.4937337338924408},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.48881837725639343},{"id":"https://openalex.org/C162443782","wikidata":"https://www.wikidata.org/wiki/Q1066228","display_name":"White-box testing","level":5,"score":0.4643310606479645},{"id":"https://openalex.org/C145644426","wikidata":"https://www.wikidata.org/wiki/Q169411","display_name":"Unified Modeling Language","level":3,"score":0.43894466757774353},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4166608154773712},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3560042381286621},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.3130488693714142},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.27117854356765747},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2584264874458313},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.16502544283866882},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.14592400193214417},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.0},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iwast.2013.6595794","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwast.2013.6595794","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Workshop on Automation of Software Test (AST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W116656696","https://openalex.org/W197713628","https://openalex.org/W1584652999","https://openalex.org/W1893201640","https://openalex.org/W2018704560","https://openalex.org/W2065948900","https://openalex.org/W2095767669","https://openalex.org/W2114298495","https://openalex.org/W2126820083","https://openalex.org/W2129906605","https://openalex.org/W2143922826","https://openalex.org/W2166381878","https://openalex.org/W2948004622","https://openalex.org/W3100908892","https://openalex.org/W4237936646","https://openalex.org/W6639496421","https://openalex.org/W6763427898"],"related_works":["https://openalex.org/W2801797726","https://openalex.org/W2785720764","https://openalex.org/W2186070848","https://openalex.org/W4285245977","https://openalex.org/W3203826058","https://openalex.org/W2611265297","https://openalex.org/W2780750120","https://openalex.org/W3104446232","https://openalex.org/W4290048282","https://openalex.org/W2914996832"],"abstract_inverted_index":{"Security":[0],"issues":[1],"of":[2,10,17,31,53,57,91,118,130,133,146,153,171],"web":[3],"applications":[4,55],"are":[5],"still":[6],"a":[7,154,178,187],"current":[8,169],"topic":[9],"interest":[11],"especially":[12],"when":[13],"considering":[14],"the":[15,58,70,76,92,103,126,131,168,184],"consequences":[16],"unintended":[18],"behaviour.":[19],"Such":[20],"services":[21,35],"might":[22],"handle":[23],"sensitive":[24],"data":[25],"about":[26],"several":[27,96,110],"thousands":[28],"or":[29,36],"millions":[30],"users.":[32],"Hence,":[33],"exploiting":[34],"other":[37],"undesired":[38],"effects":[39],"that":[40,108,143],"cause":[41],"harm":[42],"on":[43,128],"users":[44],"has":[45],"to":[46,65],"be":[47],"avoided.":[48],"Therefore,":[49],"for":[50,158],"software":[51,71],"developers":[52],"such":[54],"one":[56,90],"major":[59],"tasks":[60],"in":[61,80,101,151,186],"providing":[62],"security":[63],"is":[64],"embed":[66],"testing":[67,87,102,175],"methodologies":[68,93],"into":[69],"development":[72],"cycle,":[73],"thus":[74],"minimizing":[75],"subsequent":[77],"damage":[78],"resulting":[79],"debugging":[81],"and":[82,98,120,162,182],"time":[83],"intensive":[84],"upgrading.":[85],"Model-based":[86],"evolved":[88],"as":[89],"which":[94],"offer":[95],"theoretical":[97],"practical":[99],"approaches":[100],"system":[104],"under":[105],"test":[106,159],"(SUT)":[107],"combine":[109],"input":[111],"generation":[112,161],"strategies":[113],"like":[114],"mutation":[115],"testing,":[116],"using":[117,177],"concrete":[119],"symbolic":[121],"execution":[122,185],"etc.":[123],"by":[124],"putting":[125],"emphasis":[127],"specification":[129],"model":[132,150],"an":[134,141,147],"application.":[135],"In":[136],"this":[137],"work":[138],"we":[139],"propose":[140],"approach":[142],"makes":[144],"use":[145],"attack":[148,173,180],"pattern":[149,174,181],"form":[152],"UML":[155],"state":[156],"machine":[157],"case":[160,188],"execution.":[163],"The":[164],"paper":[165],"also":[166],"discusses":[167],"implementation":[170],"our":[172],"tool":[176],"XSS":[179],"demonstrates":[183],"study.":[189]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}