{"id":"https://openalex.org/W2772008372","doi":"https://doi.org/10.1109/tse.2017.2778711","title":"Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications","display_name":"Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications","publication_year":2017,"publication_date":"2017-11-30","ids":{"openalex":"https://openalex.org/W2772008372","doi":"https://doi.org/10.1109/tse.2017.2778711","mag":"2772008372"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2017.2778711","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2017.2778711","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://orbilu.uni.lu/handle/10993/33087","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014269950","display_name":"Sadeeq Jan","orcid":"https://orcid.org/0000-0002-1139-8507"},"institutions":[{"id":"https://openalex.org/I90610274","display_name":"University of Engineering and Technology Peshawar","ror":"https://ror.org/00p034093","country_code":"PK","type":"education","lineage":["https://openalex.org/I90610274"]}],"countries":["PK"],"is_corresponding":true,"raw_author_name":"Sadeeq Jan","raw_affiliation_strings":["University of Engineering & Technology, Peshawar, Pakistan"],"affiliations":[{"raw_affiliation_string":"University of Engineering & Technology, Peshawar, Pakistan","institution_ids":["https://openalex.org/I90610274"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067127346","display_name":"Annibale Panichella","orcid":"https://orcid.org/0000-0002-7395-3588"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Annibale Panichella","raw_affiliation_strings":["Interdisciplinary Centre for Security, Reliability and Trust (SNT), University of Luxembourg, Esch-sur-Alzette, Luxembourg"],"affiliations":[{"raw_affiliation_string":"Interdisciplinary Centre for Security, Reliability and Trust (SNT), University of Luxembourg, Esch-sur-Alzette, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052735480","display_name":"Andrea Arcuri","orcid":"https://orcid.org/0000-0003-0799-2930"},"institutions":[{"id":"https://openalex.org/I2801609477","display_name":"Westerdals Oslo School of Arts, Communication and Technology","ror":"https://ror.org/02re25503","country_code":"NO","type":"education","lineage":["https://openalex.org/I2801609477"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Andrea Arcuri","raw_affiliation_strings":["Westerdals Oslo ACT, Oslo, Norway"],"affiliations":[{"raw_affiliation_string":"Westerdals Oslo ACT, Oslo, Norway","institution_ids":["https://openalex.org/I2801609477"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078533117","display_name":"Lionel Briand","orcid":"https://orcid.org/0000-0002-1393-1010"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Lionel Briand","raw_affiliation_strings":["Interdisciplinary Centre for Security, Reliability and Trust (SNT), University of Luxembourg, Esch-sur-Alzette, Luxembourg"],"affiliations":[{"raw_affiliation_string":"Interdisciplinary Centre for Security, Reliability and Trust (SNT), University of Luxembourg, Esch-sur-Alzette, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5014269950"],"corresponding_institution_ids":["https://openalex.org/I90610274"],"apc_list":null,"apc_paid":null,"fwci":7.5849,"has_fulltext":false,"cited_by_count":37,"citation_normalized_percentile":{"value":0.97367576,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"45","issue":"4","first_page":"335","last_page":"362"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9005986452102661},{"id":"https://openalex.org/keywords/soap","display_name":"SOAP","score":0.8273895978927612},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7364168763160706},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.6516337394714355},{"id":"https://openalex.org/keywords/xml","display_name":"XML","score":0.6362257599830627},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.490522563457489},{"id":"https://openalex.org/keywords/xml-signature","display_name":"XML Signature","score":0.47768884897232056},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.4668107032775879},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4375380873680115},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.4111122786998749},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3918699324131012},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.38374730944633484},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.19669479131698608},{"id":"https://openalex.org/keywords/efficient-xml-interchange","display_name":"Efficient XML Interchange","score":0.18723222613334656}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9005986452102661},{"id":"https://openalex.org/C17881449","wikidata":"https://www.wikidata.org/wiki/Q189620","display_name":"SOAP","level":2,"score":0.8273895978927612},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7364168763160706},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.6516337394714355},{"id":"https://openalex.org/C8797682","wikidata":"https://www.wikidata.org/wiki/Q2115","display_name":"XML","level":2,"score":0.6362257599830627},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.490522563457489},{"id":"https://openalex.org/C34330436","wikidata":"https://www.wikidata.org/wiki/Q979532","display_name":"XML Signature","level":4,"score":0.47768884897232056},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.4668107032775879},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4375380873680115},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.4111122786998749},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3918699324131012},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.38374730944633484},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.19669479131698608},{"id":"https://openalex.org/C11508877","wikidata":"https://www.wikidata.org/wiki/Q1124477","display_name":"Efficient XML Interchange","level":3,"score":0.18723222613334656},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tse.2017.2778711","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2017.2778711","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:orbilu.uni.lu:10993/33087","is_oa":true,"landing_page_url":"http://orbilu.uni.lu/handle/10993/33087","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Software Engineering, 45(4), 335-362. New York, NY: Institute of Electrical and Electronics Engineers (2019).","raw_type":null}],"best_oa_location":{"id":"pmh:oai:orbilu.uni.lu:10993/33087","is_oa":true,"landing_page_url":"http://orbilu.uni.lu/handle/10993/33087","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Software Engineering, 45(4), 335-362. New York, NY: Institute of Electrical and Electronics Engineers (2019).","raw_type":null},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":78,"referenced_works":["https://openalex.org/W158648539","https://openalex.org/W562733722","https://openalex.org/W1492417045","https://openalex.org/W1511682410","https://openalex.org/W1526710119","https://openalex.org/W1537258151","https://openalex.org/W1537794297","https://openalex.org/W1544329015","https://openalex.org/W1564372824","https://openalex.org/W1568834902","https://openalex.org/W1582895625","https://openalex.org/W1587100796","https://openalex.org/W1599808047","https://openalex.org/W1612015840","https://openalex.org/W1652373552","https://openalex.org/W1674046048","https://openalex.org/W1719186128","https://openalex.org/W1962083226","https://openalex.org/W1965335252","https://openalex.org/W1972178065","https://openalex.org/W1977321274","https://openalex.org/W1979931683","https://openalex.org/W1983439863","https://openalex.org/W1988033384","https://openalex.org/W2000825106","https://openalex.org/W2001619934","https://openalex.org/W2003567321","https://openalex.org/W2018888020","https://openalex.org/W2024352272","https://openalex.org/W2028569720","https://openalex.org/W2047551636","https://openalex.org/W2049280001","https://openalex.org/W2052671997","https://openalex.org/W2063387237","https://openalex.org/W2064924033","https://openalex.org/W2086037832","https://openalex.org/W2096590200","https://openalex.org/W2097998348","https://openalex.org/W2098007390","https://openalex.org/W2098054810","https://openalex.org/W2106782232","https://openalex.org/W2109596254","https://openalex.org/W2111127426","https://openalex.org/W2114869486","https://openalex.org/W2114934447","https://openalex.org/W2121044470","https://openalex.org/W2126820083","https://openalex.org/W2131479406","https://openalex.org/W2135808265","https://openalex.org/W2142665878","https://openalex.org/W2144220405","https://openalex.org/W2144611797","https://openalex.org/W2146136779","https://openalex.org/W2147002252","https://openalex.org/W2147826933","https://openalex.org/W2151554678","https://openalex.org/W2156773695","https://openalex.org/W2159406908","https://openalex.org/W2166381878","https://openalex.org/W2307340971","https://openalex.org/W2468358417","https://openalex.org/W2586946380","https://openalex.org/W2614667882","https://openalex.org/W2749805730","https://openalex.org/W2793679191","https://openalex.org/W4205416014","https://openalex.org/W4212901086","https://openalex.org/W4231714144","https://openalex.org/W4238003998","https://openalex.org/W4251988601","https://openalex.org/W4387688680","https://openalex.org/W6633992998","https://openalex.org/W6635127100","https://openalex.org/W6661991385","https://openalex.org/W6674385629","https://openalex.org/W6678230397","https://openalex.org/W6680448053","https://openalex.org/W6833780757"],"related_works":["https://openalex.org/W575671592","https://openalex.org/W1987059498","https://openalex.org/W344666387","https://openalex.org/W2532714313","https://openalex.org/W2164873654","https://openalex.org/W2383873549","https://openalex.org/W2396429700","https://openalex.org/W2348790486","https://openalex.org/W2074813163","https://openalex.org/W2365967029"],"abstract_inverted_index":{"Modern":[0],"enterprise":[1],"systems":[2,17,62],"can":[3],"be":[4,55],"composed":[5],"of":[6,15,94],"many":[7],"web":[8,41,70],"services":[9],"(e.g.,":[10,39],"SOAP":[11,79],"and":[12,26,123],"RESTful).":[13],"Users":[14],"such":[16,51,61,92,114],"might":[18,54],"not":[19],"have":[20],"direct":[21],"access":[22],"to":[23,63,67,89,112],"those":[24,68],"services,":[25],"rather":[27],"interact":[28],"with":[29,50],"them":[30],"through":[31],"a":[32,37,40,44,57],"single-entry":[33],"point":[34,53],"which":[35],"provides":[36],"GUI":[38],"page":[42],"or":[43],"mobile":[45],"app).":[46],"Although":[47],"the":[48],"interactions":[49],"entry":[52],"secure,":[56],"hacker":[58],"could":[59],"trick":[60],"send":[64],"malicious":[65],"inputs":[66],"internal":[69],"services.":[71],"A":[72,128],"typical":[73],"example":[74],"is":[75,87,141],"XML":[76,146],"injection":[77,147],"targeting":[78],"communications.":[80],"Previous":[81],"work":[82],"has":[83],"shown":[84],"that":[85,138],"it":[86],"possible":[88],"automatically":[90,144],"generate":[91,113],"kind":[93],"attacks":[95],"using":[96],"search-based":[97],"techniques.":[98],"In":[99,116],"this":[100],"paper,":[101],"we":[102,118],"improve":[103],"upon":[104],"previous":[105],"results":[106],"by":[107],"providing":[108],"more":[109],"efficient":[110],"techniques":[111],"attacks.":[115,148],"particular,":[117],"investigate":[119],"four":[120],"different":[121,125],"algorithms":[122],"two":[124,134],"fitness":[126],"functions.":[127],"large":[129],"empirical":[130],"study,":[131],"involving":[132],"also":[133],"industrial":[135],"systems,":[136],"shows":[137],"our":[139],"technique":[140],"effective":[142],"at":[143],"generating":[145]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}