{"id":"https://openalex.org/W1555317716","doi":"https://doi.org/10.1109/snpd.2015.7176244","title":"Web application security vulnerabilities detection approaches: A systematic mapping study","display_name":"Web application security vulnerabilities detection approaches: A systematic mapping study","publication_year":2015,"publication_date":"2015-06-01","ids":{"openalex":"https://openalex.org/W1555317716","doi":"https://doi.org/10.1109/snpd.2015.7176244","mag":"1555317716"},"language":"en","primary_location":{"id":"doi:10.1109/snpd.2015.7176244","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snpd.2015.7176244","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE/ACIS 16th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063447334","display_name":"Sajjad Rafique","orcid":null},"institutions":[{"id":"https://openalex.org/I200749728","display_name":"Pir Mehr Ali Shah Arid Agriculture University","ror":"https://ror.org/035zn2q74","country_code":"PK","type":"education","lineage":["https://openalex.org/I200749728"]}],"countries":["PK"],"is_corresponding":true,"raw_author_name":"Sajjad Rafique","raw_affiliation_strings":["Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]},{"raw_affiliation_string":"Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027472030","display_name":"Mamoona Humayun","orcid":"https://orcid.org/0000-0001-6339-2257"},"institutions":[{"id":"https://openalex.org/I200749728","display_name":"Pir Mehr Ali Shah Arid Agriculture University","ror":"https://ror.org/035zn2q74","country_code":"PK","type":"education","lineage":["https://openalex.org/I200749728"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Mamoona Humayun","raw_affiliation_strings":["Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]},{"raw_affiliation_string":"Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089963642","display_name":"Bushra Hamid","orcid":"https://orcid.org/0009-0003-3169-4519"},"institutions":[{"id":"https://openalex.org/I200749728","display_name":"Pir Mehr Ali Shah Arid Agriculture University","ror":"https://ror.org/035zn2q74","country_code":"PK","type":"education","lineage":["https://openalex.org/I200749728"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Bushra Hamid","raw_affiliation_strings":["Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]},{"raw_affiliation_string":"Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040744620","display_name":"Ansar Abbas","orcid":"https://orcid.org/0000-0003-4521-1920"},"institutions":[{"id":"https://openalex.org/I200749728","display_name":"Pir Mehr Ali Shah Arid Agriculture University","ror":"https://ror.org/035zn2q74","country_code":"PK","type":"education","lineage":["https://openalex.org/I200749728"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Ansar Abbas","raw_affiliation_strings":["Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]},{"raw_affiliation_string":"Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109866938","display_name":"Muhammad Tanveer Akhtar","orcid":null},"institutions":[{"id":"https://openalex.org/I200749728","display_name":"Pir Mehr Ali Shah Arid Agriculture University","ror":"https://ror.org/035zn2q74","country_code":"PK","type":"education","lineage":["https://openalex.org/I200749728"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Muhammad Akhtar","raw_affiliation_strings":["Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]},{"raw_affiliation_string":"Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021789437","display_name":"Kamil Iqbal","orcid":null},"institutions":[{"id":"https://openalex.org/I200749728","display_name":"Pir Mehr Ali Shah Arid Agriculture University","ror":"https://ror.org/035zn2q74","country_code":"PK","type":"education","lineage":["https://openalex.org/I200749728"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Kamil Iqbal","raw_affiliation_strings":["Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, PMAS-Arid Agriculture University, Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]},{"raw_affiliation_string":"Department of Computer Science, University Institute of Information Technology, PMAS-Arid Agriculture University Rawalpindi, Pakistan","institution_ids":["https://openalex.org/I200749728"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5063447334"],"corresponding_institution_ids":["https://openalex.org/I200749728"],"apc_list":null,"apc_paid":null,"fwci":7.1513,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.96677967,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7949420213699341},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.7736663818359375},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6810339689254761},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5077654123306274},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5047029256820679},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4662185311317444},{"id":"https://openalex.org/keywords/web-modeling","display_name":"Web modeling","score":0.46104973554611206},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.4587041139602661},{"id":"https://openalex.org/keywords/web-engineering","display_name":"Web engineering","score":0.4429440498352051},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41439563035964966},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.3855074942111969},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.37762022018432617},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3315941095352173},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.32370007038116455},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2847607135772705},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.1427280306816101}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7949420213699341},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.7736663818359375},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6810339689254761},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5077654123306274},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5047029256820679},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4662185311317444},{"id":"https://openalex.org/C130436687","wikidata":"https://www.wikidata.org/wiki/Q7978591","display_name":"Web modeling","level":3,"score":0.46104973554611206},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.4587041139602661},{"id":"https://openalex.org/C97200028","wikidata":"https://www.wikidata.org/wiki/Q1196135","display_name":"Web engineering","level":5,"score":0.4429440498352051},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41439563035964966},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.3855074942111969},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.37762022018432617},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3315941095352173},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.32370007038116455},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2847607135772705},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.1427280306816101},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/snpd.2015.7176244","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snpd.2015.7176244","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE/ACIS 16th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1969545431","https://openalex.org/W1971141125","https://openalex.org/W1978492394","https://openalex.org/W2000847545","https://openalex.org/W2001887549","https://openalex.org/W2012536898","https://openalex.org/W2020737857","https://openalex.org/W2026258420","https://openalex.org/W2027707376","https://openalex.org/W2034373522","https://openalex.org/W2061892850","https://openalex.org/W2069054745","https://openalex.org/W2076951575","https://openalex.org/W2082947977","https://openalex.org/W2108629901","https://openalex.org/W2110167714","https://openalex.org/W2163049969","https://openalex.org/W2330967414"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W1583761149","https://openalex.org/W2188399467","https://openalex.org/W3005817867","https://openalex.org/W2189059287","https://openalex.org/W4388270261","https://openalex.org/W4312473963","https://openalex.org/W3169826641","https://openalex.org/W2594635897"],"abstract_inverted_index":{"Number":[0],"of":[1,13,23,30,43,54,94,100,112,124,187],"security":[2,57,127,161],"vulnerabilities":[3,128,154],"in":[4,16,36,72,97,121],"web":[5,14,37,45,55,73,101,125,152],"application":[6,15,153],"has":[7,33,146,168],"grown":[8],"with":[9],"the":[10,21,41,92,117,122,138,144,151,182,200],"tremendous":[11],"growth":[12],"last":[17],"two":[18,178],"decades.":[19],"As":[20],"domain":[22],"Web":[24],"Applications":[25],"is":[26,61],"maturing,":[27],"large":[28],"number":[29],"empirical":[31,95,119],"studies":[32,71,189],"been":[34,147,169],"reported":[35,118],"applications":[38,56,74,126],"to":[39,64,82,88,157,193],"address":[40],"solution":[42,145],"vulnerable":[44],"application.":[46],"However,":[47],"before":[48],"advancing":[49],"towards":[50],"finding":[51],"new":[52],"approaches":[53],"vulnerability":[58],"detection,":[59],"there":[60],"a":[62,84,110,172,185],"need":[63],"analyze":[65],"and":[66,90,149,197],"synthesize":[67],"existing":[68,98,166],"evidence":[69],"based":[70],"area.":[75],"To":[76,163],"do":[77,164],"this,":[78,165],"we":[79,106],"have":[80],"planned":[81],"conduct":[83],"systematic":[85,173],"mapping":[86,113,155,174,183],"study":[87,114,175],"view":[89],"report":[91],"state-of-the-art":[93],"work":[96],"research":[99,120,179],"applications.":[102],"In":[103,181],"this":[104],"paper,":[105],"aimed":[107],"at":[108],"providing":[109],"description":[111],"for":[115,142],"synthesizing":[116],"area":[123],"detection":[129],"approaches.":[130],"The":[131],"proposed":[132,148],"solutions":[133],"are":[134],"mapped":[135,198],"against:":[136],"(1)":[137],"software":[139],"development":[140],"stages":[141],"which":[143],"(2)":[150],"according":[156],"OWASP":[158],"Top":[159],"10":[160],"vulnerabilities.":[162],"literature":[167],"surveyed":[170],"using":[171],"by":[176],"phrasing":[177],"questions.":[180],"study,":[184],"total":[186],"41":[188],"dating":[190],"from":[191],"1994":[192],"2014":[194],"were":[195],"evaluated":[196],"against":[199],"aforementioned":[201],"categories.":[202]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}