{"id":"https://openalex.org/W3011558368","doi":"https://doi.org/10.1109/aiccsa47632.2019.9035265","title":"Beware of the Vulnerability! How Vulnerable are GitHub's Most Popular PHP Applications?","display_name":"Beware of the Vulnerability! How Vulnerable are GitHub's Most Popular PHP Applications?","publication_year":2019,"publication_date":"2019-11-01","ids":{"openalex":"https://openalex.org/W3011558368","doi":"https://doi.org/10.1109/aiccsa47632.2019.9035265","mag":"3011558368"},"language":"en","primary_location":{"id":"doi:10.1109/aiccsa47632.2019.9035265","is_oa":false,"landing_page_url":"https://doi.org/10.1109/aiccsa47632.2019.9035265","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100693110","display_name":"Ahmed M. Ibrahim","orcid":"https://orcid.org/0000-0001-9855-9600"},"institutions":[{"id":"https://openalex.org/I145487455","display_name":"Cairo University","ror":"https://ror.org/03q21mh05","country_code":"EG","type":"education","lineage":["https://openalex.org/I145487455"]}],"countries":["EG"],"is_corresponding":true,"raw_author_name":"Ahmed Ibrahim","raw_affiliation_strings":["Faculty of Computers and Artificial Intelligence, Cairo University","Mentor, A Siemens Business, Cairo, Egypt"],"affiliations":[{"raw_affiliation_string":"Faculty of Computers and Artificial Intelligence, Cairo University","institution_ids":["https://openalex.org/I145487455"]},{"raw_affiliation_string":"Mentor, A Siemens Business, Cairo, Egypt","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029231135","display_name":"Mohammad El\u2010Ramly","orcid":"https://orcid.org/0000-0002-5076-3829"},"institutions":[{"id":"https://openalex.org/I145487455","display_name":"Cairo University","ror":"https://ror.org/03q21mh05","country_code":"EG","type":"education","lineage":["https://openalex.org/I145487455"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Mohammad El-Ramly","raw_affiliation_strings":["Faculty of Computers and Artificial Intelligence, Cairo University, Giza, Egypt"],"affiliations":[{"raw_affiliation_string":"Faculty of Computers and Artificial Intelligence, Cairo University, Giza, Egypt","institution_ids":["https://openalex.org/I145487455"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101638627","display_name":"Amr Badr","orcid":"https://orcid.org/0000-0002-4817-8209"},"institutions":[{"id":"https://openalex.org/I145487455","display_name":"Cairo University","ror":"https://ror.org/03q21mh05","country_code":"EG","type":"education","lineage":["https://openalex.org/I145487455"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Amr Badr","raw_affiliation_strings":["Faculty of Computers and Artificial Intelligence, Cairo University, Giza, Egypt"],"affiliations":[{"raw_affiliation_string":"Faculty of Computers and Artificial Intelligence, Cairo University, Giza, Egypt","institution_ids":["https://openalex.org/I145487455"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100693110"],"corresponding_institution_ids":["https://openalex.org/I145487455"],"apc_list":null,"apc_paid":null,"fwci":1.3566,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.87194766,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.8617353439331055},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7329720258712769},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7004945874214172},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5982106328010559},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.5714896321296692},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5634389519691467},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5276086330413818},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4958575665950775},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.48401448130607605},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.46612903475761414},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.46066680550575256},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.45987528562545776},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.4594579041004181},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4506131708621979},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.42939454317092896},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.30603164434432983},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2879662811756134},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.19092074036598206},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.18485698103904724},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.14321964979171753},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12233540415763855},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.10045126080513}],"concepts":[{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.8617353439331055},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7329720258712769},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7004945874214172},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5982106328010559},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.5714896321296692},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5634389519691467},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5276086330413818},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4958575665950775},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.48401448130607605},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.46612903475761414},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.46066680550575256},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.45987528562545776},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.4594579041004181},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4506131708621979},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.42939454317092896},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.30603164434432983},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2879662811756134},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.19092074036598206},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.18485698103904724},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.14321964979171753},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12233540415763855},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.10045126080513},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/aiccsa47632.2019.9035265","is_oa":false,"landing_page_url":"https://doi.org/10.1109/aiccsa47632.2019.9035265","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W587263676","https://openalex.org/W1818897895","https://openalex.org/W1964593071","https://openalex.org/W1986222079","https://openalex.org/W2017950530","https://openalex.org/W2028486686","https://openalex.org/W2740329368","https://openalex.org/W2766411424","https://openalex.org/W2892815795"],"related_works":["https://openalex.org/W2392503306","https://openalex.org/W2560421591","https://openalex.org/W3041665175","https://openalex.org/W2007984522","https://openalex.org/W2070218579","https://openalex.org/W2796094063","https://openalex.org/W4384518368","https://openalex.org/W2947407508","https://openalex.org/W2553301301","https://openalex.org/W2067195038"],"abstract_inverted_index":{"The":[0],"presence":[1,42],"of":[2,43,100,109,128,133,145,168,179,183,192,218],"software":[3,11,44,78],"vulnerabilities":[4,45,79,85,111,147,169],"is":[5,122],"a":[6,69,106,161],"serious":[7],"threat":[8],"to":[9,74,93],"any":[10],"project.":[12,114,172],"Exploiting":[13],"them":[14],"can":[15],"compromise":[16],"system":[17],"availability,":[18],"data":[19],"integrity,":[20],"and":[21,50,89,142,158,181,211],"confidentiality.":[22],"Unfortunately,":[23],"many":[24],"open":[25,47,62,197],"source":[26,48,63,198],"projects":[27,49,102],"go":[28],"for":[29,207],"years":[30],"with":[31,105,165],"undetected":[32],"ready-to-exploit":[33],"critical":[34],"vulnerabilities.":[35,131,193],"In":[36],"this":[37,55],"study,":[38],"we":[39],"investigate":[40],"the":[41,51,59,118,139,166,171,190,219],"in":[46,66,170],"factors":[52,91,174],"that":[53,98,117,152,196],"influence":[54,188],"presence.":[56,95],"We":[57,81,96,115,194],"analyzed":[58],"top":[60],"100":[61],"PHP":[64],"applications":[65],"GitHub":[67],"using":[68],"static":[70],"analysis":[71,150],"vulnerability":[72],"scanner":[73],"examine":[75],"how":[76],"common":[77,120,141],"are.":[80],"also":[82],"discussed":[83],"which":[84,125],"are":[86,103],"most":[87,119,140],"present":[88],"what":[90],"contribute":[92],"their":[94,208],"found":[97,116],"27%":[99],"these":[101],"insecure,":[104],"median":[107],"number":[108,167,178,182,191],"3":[110],"per":[112],"vulnerable":[113],"type":[121],"injection":[123],"vulnerabilities,":[124],"made":[126,143],"58%":[127],"all":[129,146],"detected":[130],"Out":[132],"these,":[134],"cross-site":[135],"scripting":[136],"(XSS)":[137],"was":[138],"43.5%":[144],"found.":[148],"Statistical":[149],"revealed":[151],"project":[153,176,199,209],"activities":[154],"like":[155,175],"branching,":[156],"pulling,":[157],"committing":[159],"have":[160],"moderate":[162],"positive":[163],"correlation":[164],"Other":[173],"popularity,":[177],"releases,":[180],"issues":[184],"had":[185],"almost":[186],"no":[187],"on":[189],"recommend":[195],"owners":[200],"should":[201],"set":[202],"secure":[203,213],"code":[204,214],"development":[205,221],"guidelines":[206],"members":[210],"establish":[212],"reviews":[215],"as":[216],"part":[217],"project's":[220],"process.":[222]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}