{"id":"https://openalex.org/W4287884595","doi":"https://doi.org/10.1109/spw54247.2022.9833883","title":"yoU aRe a Liar://A Unified Framework for Cross-Testing URL Parsers","display_name":"yoU aRe a Liar://A Unified Framework for Cross-Testing URL Parsers","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W4287884595","doi":"https://doi.org/10.1109/spw54247.2022.9833883"},"language":"en","primary_location":{"id":"doi:10.1109/spw54247.2022.9833883","is_oa":false,"landing_page_url":"https://doi.org/10.1109/spw54247.2022.9833883","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018973907","display_name":"Dashmeet Kaur Ajmani","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Dashmeet Kaur Ajmani","raw_affiliation_strings":["North Carolina State University,Department of Computer Science","Department of Computer Science, North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University,Department of Computer Science","institution_ids":["https://openalex.org/I137902535"]},{"raw_affiliation_string":"Department of Computer Science, North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050182558","display_name":"Igibek Koishybayev","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Igibek Koishybayev","raw_affiliation_strings":["North Carolina State University,Department of Computer Science","Department of Computer Science, North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University,Department of Computer Science","institution_ids":["https://openalex.org/I137902535"]},{"raw_affiliation_string":"Department of Computer Science, North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041544321","display_name":"Alexandros Kapravelos","orcid":"https://orcid.org/0000-0002-8839-8521"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alexandros Kapravelos","raw_affiliation_strings":["North Carolina State University,Department of Computer Science","Department of Computer Science, North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University,Department of Computer Science","institution_ids":["https://openalex.org/I137902535"]},{"raw_affiliation_string":"Department of Computer Science, North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5018973907"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":1.5157,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.86155043,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":"8","issue":null,"first_page":"51","last_page":"58"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8951838612556458},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.7601780891418457},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4967697262763977},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.495578408241272},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.47066840529441833},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.46304967999458313},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.4310861825942993},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4216023087501526},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.4213064908981323},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.41742756962776184},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.37000149488449097},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.25861722230911255},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.17919716238975525},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.17458036541938782},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.1528007686138153},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.11636888980865479}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8951838612556458},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.7601780891418457},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4967697262763977},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.495578408241272},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.47066840529441833},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.46304967999458313},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.4310861825942993},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4216023087501526},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.4213064908981323},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.41742756962776184},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.37000149488449097},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.25861722230911255},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.17919716238975525},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.17458036541938782},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.1528007686138153},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.11636888980865479},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/spw54247.2022.9833883","is_oa":false,"landing_page_url":"https://doi.org/10.1109/spw54247.2022.9833883","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Partnerships for the goals","id":"https://metadata.un.org/sdg/17","score":0.41999998688697815}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W1657640485","https://openalex.org/W2295521025","https://openalex.org/W2558309902","https://openalex.org/W2947308382","https://openalex.org/W3031752541","https://openalex.org/W4254697110","https://openalex.org/W6982309495"],"related_works":["https://openalex.org/W4366502726","https://openalex.org/W2023038964","https://openalex.org/W2075358766","https://openalex.org/W2981036578","https://openalex.org/W4289527657","https://openalex.org/W2578193553","https://openalex.org/W3127702456","https://openalex.org/W1985998952","https://openalex.org/W2987138895","https://openalex.org/W4400973582"],"abstract_inverted_index":{"A":[0],"variety":[1],"of":[2,23,25,55,76,97,107,115,122,133,207,252],"attacks,":[3],"including":[4],"phishing,":[5],"remote-code":[6],"execution,":[7],"server-side":[8,108],"request":[9,109],"forgery,":[10],"and":[11,48,58,79,104,129,193,215,223,237,240,257,269],"hostname":[12],"redirection,":[13],"are":[14,71,167],"delivered":[15],"to":[16,39,83,160,163,169,177,266],"users":[17,156],"over":[18],"the":[19,26,53,77,93,101,105,112,144,146,150,175,204,217,227,232,259,272],"web.":[20],"The":[21,46,95],"beginning":[22],"most":[24,233],"web":[27],"exploits":[28],"is":[29,90,100,125,182],"an":[30,61,87,137],"innocent-looking":[31],"URL.":[32,94,152],"Malformed":[33],"or":[34],"misinterpreted":[35],"URLs":[36,162],"can":[37,157],"lead":[38],"remote":[40],"code":[41],"execution":[42],"attacks":[43],"as":[44,60],"well.":[45],"IETF":[47],"WHATWG":[49],"standards":[50,99,124],"organizations":[51],"define":[52],"components":[54],"a":[56,200,262],"URL":[57,65,78,209,228],"act":[59],"implementation":[62,139,230,264],"guide":[63],"for":[64,191,245,261],"parsers.":[66],"They":[67],"state":[68],"which":[69],"characters":[70],"allowed":[72],"in":[73,85,92,111,143],"each":[74],"portion":[75],"loosely":[80],"suggest":[81],"what":[82],"do":[84],"case":[86],"undefined":[88],"character":[89],"present":[91],"existence":[96],"two":[98,188],"first":[102],"concern,":[103],"addition":[106],"forgery":[110],"latest":[113],"version":[114],"OWASP":[116],"Top":[117],"10,":[118],"suggests":[119],"that":[120,202],"neither":[121,132],"these":[123,134],"being":[126],"followed":[127],"accurately":[128],"concisely.":[130],"Moreover,":[131],"specifications":[135],"describe":[136],"exact":[138],"standard,":[140],"causing":[141],"inconsistencies":[142,218],"way":[145],"various":[147],"parsers":[148,190,210],"interpret":[149],"same":[151],"For":[153],"example,":[154],"malicious":[155],"find":[158],"ways":[159],"craft":[161],"look":[164],"like":[165],"they":[166],"pointing":[168],"one":[170,185],"resource":[171,194],"but":[172],"actually":[173],"direct":[174],"user":[176],"different":[178],"one.":[179],"This":[180],"problem":[181],"worsened":[183],"when":[184],"application":[186],"uses":[187],"separate":[189],"validation":[192],"fetching.In":[195],"this":[196],"paper,":[197],"we":[198],"design":[199],"framework":[201],"unifies":[203],"testing":[205],"suites":[206],"8":[208],"from":[211],"popular":[212,234],"web-related":[213],"projects":[214],"highlights":[216],"between":[219],"them.":[220],"We":[221],"examine":[222],"dive":[224],"deep":[225],"into":[226],"parser":[229],"across":[231],"libraries,":[235],"browsers,":[236],"command-line":[238],"tools,":[239],"discover":[241],"many":[242],"open":[243],"areas":[244],"exploitation.":[246],"Our":[247],"findings":[248],"include":[249],"identifying":[250],"categories":[251],"inconsistencies,":[253],"developing":[254],"proof-of-concept":[255],"exploits,":[256],"highlighting":[258],"need":[260],"comprehensive":[263],"standard":[265],"be":[267],"developed":[268],"enforced":[270],"at":[271],"earliest.":[273]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}