{"id":"https://openalex.org/W2767065145","doi":"https://doi.org/10.1109/scam.2017.20","title":"Detecting Security Vulnerabilities in Object-Oriented PHP Programs","display_name":"Detecting Security Vulnerabilities in Object-Oriented PHP Programs","publication_year":2017,"publication_date":"2017-09-01","ids":{"openalex":"https://openalex.org/W2767065145","doi":"https://doi.org/10.1109/scam.2017.20","mag":"2767065145"},"language":"en","primary_location":{"id":"doi:10.1109/scam.2017.20","is_oa":false,"landing_page_url":"https://doi.org/10.1109/scam.2017.20","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE 17th International Working Conference on Source Code Analysis and Manipulation (SCAM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032311062","display_name":"Mona Nashaat","orcid":"https://orcid.org/0000-0002-7580-5757"},"institutions":[{"id":"https://openalex.org/I154425047","display_name":"University of Alberta","ror":"https://ror.org/0160cpw27","country_code":"CA","type":"education","lineage":["https://openalex.org/I154425047"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Mona Nashaat","raw_affiliation_strings":["University of Alberta"],"affiliations":[{"raw_affiliation_string":"University of Alberta","institution_ids":["https://openalex.org/I154425047"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038781215","display_name":"Karim Ali","orcid":"https://orcid.org/0000-0002-5516-1376"},"institutions":[{"id":"https://openalex.org/I154425047","display_name":"University of Alberta","ror":"https://ror.org/0160cpw27","country_code":"CA","type":"education","lineage":["https://openalex.org/I154425047"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Karim Ali","raw_affiliation_strings":["University of Alberta"],"affiliations":[{"raw_affiliation_string":"University of Alberta","institution_ids":["https://openalex.org/I154425047"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030495591","display_name":"James Miller","orcid":"https://orcid.org/0000-0001-5095-3000"},"institutions":[{"id":"https://openalex.org/I154425047","display_name":"University of Alberta","ror":"https://ror.org/0160cpw27","country_code":"CA","type":"education","lineage":["https://openalex.org/I154425047"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"James Miller","raw_affiliation_strings":["University of Alberta"],"affiliations":[{"raw_affiliation_string":"University of Alberta","institution_ids":["https://openalex.org/I154425047"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5032311062"],"corresponding_institution_ids":["https://openalex.org/I154425047"],"apc_list":null,"apc_paid":null,"fwci":0.9673,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.83293102,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"159","last_page":"164"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9865999817848206,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9789000153541565,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8521625995635986},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.839259684085846},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.7933699488639832},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.7652521133422852},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6066661477088928},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.5717955231666565},{"id":"https://openalex.org/keywords/object","display_name":"Object (grammar)","score":0.49773314595222473},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.4905375838279724},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.483610063791275},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4476451575756073},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4235709607601166},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4139057993888855},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3476024270057678},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.32939469814300537},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2674023509025574},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2549641728401184},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2504242956638336},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.23396435379981995},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2011471688747406},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.18090710043907166},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.14396455883979797},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1014489233493805},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.0925413966178894},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.06786319613456726}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8521625995635986},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.839259684085846},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.7933699488639832},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.7652521133422852},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6066661477088928},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.5717955231666565},{"id":"https://openalex.org/C2781238097","wikidata":"https://www.wikidata.org/wiki/Q175026","display_name":"Object (grammar)","level":2,"score":0.49773314595222473},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.4905375838279724},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.483610063791275},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4476451575756073},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4235709607601166},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4139057993888855},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3476024270057678},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.32939469814300537},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2674023509025574},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2549641728401184},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2504242956638336},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.23396435379981995},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2011471688747406},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.18090710043907166},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.14396455883979797},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1014489233493805},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0925413966178894},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.06786319613456726}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/scam.2017.20","is_oa":false,"landing_page_url":"https://doi.org/10.1109/scam.2017.20","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE 17th International Working Conference on Source Code Analysis and Manipulation (SCAM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5600000023841858}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W224445550","https://openalex.org/W241117969","https://openalex.org/W1536145689","https://openalex.org/W1548033283","https://openalex.org/W1663388364","https://openalex.org/W1761184020","https://openalex.org/W2070218579","https://openalex.org/W2085925880","https://openalex.org/W2086631206","https://openalex.org/W2111487235","https://openalex.org/W2141736632","https://openalex.org/W2148001343","https://openalex.org/W2563096791","https://openalex.org/W6609214399","https://openalex.org/W6637025983"],"related_works":["https://openalex.org/W2062583373","https://openalex.org/W1566131087","https://openalex.org/W2155353733","https://openalex.org/W4240401768","https://openalex.org/W2018644264","https://openalex.org/W4313307479","https://openalex.org/W4313400739","https://openalex.org/W2910962125","https://openalex.org/W2016754389","https://openalex.org/W4379530598"],"abstract_inverted_index":{"PHP":[0,41,53,82,93,114],"is":[1,17],"one":[2],"of":[3,23,32,45,64,103,132,139,150],"the":[4,18,24,30,62,81,137,148,159],"most":[5],"popular":[6],"web":[7],"development":[8,31,145],"tools":[9],"in":[10,40,67,92,107],"use":[11,63],"today.":[12],"A":[13],"major":[14],"concern":[15],"though":[16],"improper":[19],"and":[20,142],"insecure":[21],"uses":[22],"language":[25],"by":[26],"application":[27],"developers,":[28],"motivating":[29],"various":[33],"static":[34],"analyses":[35],"that":[36,79,99,120,161],"detect":[37],"security":[38,76,83,104,118],"vulnerabilities":[39,105,119],"programs.":[42],"However,":[43],"many":[44],"these":[46],"approaches":[47,66],"do":[48],"not":[49,122],"handle":[50],"recent,":[51],"important":[52],"features":[54,91],"such":[55,65],"as":[56],"object":[57],"orientation,":[58],"which":[59],"greatly":[60],"limits":[61],"practice.":[68],"In":[69],"this":[70],"paper,":[71],"we":[72],"present":[73],"OOPIXY,":[74],"a":[75,129],"analysis":[77],"tool":[78],"extends":[80],"analyzer":[84],"PIXY":[85],"to":[86,163],"support":[87],"reasoning":[88],"about":[89],"object-oriented":[90],"applications.":[94],"Our":[95],"empirical":[96],"evaluation":[97],"shows":[98],"OOPIXY":[100,116],"detects":[101,117],"88%":[102],"found":[106],"micro":[108],"benchmarks.":[109],"When":[110],"used":[111],"on":[112,157],"real-world":[113],"applications,":[115,141],"could":[121],"be":[123],"detected":[124],"using":[125],"state-of-the-art":[126],"tools,":[127],"retaining":[128],"high":[130],"level":[131],"precision.":[133],"We":[134],"have":[135],"contacted":[136],"maintainers":[138],"those":[140,164],"two":[143],"applications'":[144],"teams":[146],"verified":[147],"correctness":[149],"our":[151],"findings.":[152],"They":[153],"are":[154],"currently":[155],"working":[156],"fixing":[158],"bugs":[160],"lead":[162],"vulnerabilities.":[165]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}