{"id":"https://openalex.org/W2159174455","doi":"https://doi.org/10.1145/1947940.1948057","title":"Evaluation of web application security risks and secure design patterns","display_name":"Evaluation of web application security risks and secure design patterns","publication_year":2011,"publication_date":"2011-02-12","ids":{"openalex":"https://openalex.org/W2159174455","doi":"https://doi.org/10.1145/1947940.1948057","mag":"2159174455"},"language":"en","primary_location":{"id":"doi:10.1145/1947940.1948057","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1947940.1948057","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2011 International Conference on Communication, Computing &amp; Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006503098","display_name":"Asish Kumar Dalai","orcid":"https://orcid.org/0000-0003-0613-175X"},"institutions":[{"id":"https://openalex.org/I16292982","display_name":"National Institute of Technology Rourkela","ror":"https://ror.org/011gmn932","country_code":"IN","type":"education","lineage":["https://openalex.org/I16292982"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Asish Kumar Dalai","raw_affiliation_strings":["National Institute of Technology Rourkela, Odisha, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Technology Rourkela, Odisha, India","institution_ids":["https://openalex.org/I16292982"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101666946","display_name":"Sanjay Kumar Jena","orcid":"https://orcid.org/0000-0002-1619-8360"},"institutions":[{"id":"https://openalex.org/I16292982","display_name":"National Institute of Technology Rourkela","ror":"https://ror.org/011gmn932","country_code":"IN","type":"education","lineage":["https://openalex.org/I16292982"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Sanjay Kumar Jena","raw_affiliation_strings":["National Institute of Technology Rourkela, Odisha, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Technology Rourkela, Odisha, India","institution_ids":["https://openalex.org/I16292982"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.4429,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.96761055,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"565","last_page":"568"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12490","display_name":"Software Engineering and Design Patterns","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/3303","display_name":"Development"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T12490","display_name":"Software Engineering and Design Patterns","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/3303","display_name":"Development"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7587456703186035},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.7581589221954346},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7167747616767883},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.6106312274932861},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.5971977710723877},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.5369581580162048},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5122103095054626},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.506126344203949},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.49457213282585144},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4920603632926941},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.49135246872901917},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.47993093729019165},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4401416480541229},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.43284353613853455},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.371710866689682},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.3364984095096588},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.31158047914505005},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.2896575331687927},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.19752413034439087}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7587456703186035},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.7581589221954346},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7167747616767883},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.6106312274932861},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.5971977710723877},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.5369581580162048},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5122103095054626},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.506126344203949},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.49457213282585144},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4920603632926941},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.49135246872901917},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.47993093729019165},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4401416480541229},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.43284353613853455},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.371710866689682},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.3364984095096588},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.31158047914505005},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.2896575331687927},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.19752413034439087},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1947940.1948057","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1947940.1948057","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2011 International Conference on Communication, Computing &amp; Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","score":0.5799999833106995,"display_name":"Responsible consumption and production"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W79503960","https://openalex.org/W652748195","https://openalex.org/W1514888816","https://openalex.org/W1649645444","https://openalex.org/W2110054482","https://openalex.org/W2128342686","https://openalex.org/W2134521102","https://openalex.org/W2135191468","https://openalex.org/W2144677880","https://openalex.org/W2168409789","https://openalex.org/W2589180140"],"related_works":["https://openalex.org/W2155353733","https://openalex.org/W125279808","https://openalex.org/W4240401768","https://openalex.org/W2146455667","https://openalex.org/W896362041","https://openalex.org/W2018644264","https://openalex.org/W3015499098","https://openalex.org/W3189065608","https://openalex.org/W2796056969","https://openalex.org/W2135191468"],"abstract_inverted_index":{"The":[0,48,94],"application":[1,6,60,134],"of":[2,8,16,21,50,58],"security":[3,32,40,51,71,87,130],"in":[4,42,52,92],"web":[5,17,133],"is":[7,104,124,141],"profound":[9],"importance":[10],"due":[11,37],"to":[12,38,84,106],"the":[13,22,27,39,46,53,59,63,90,111,120,128],"extended":[14],"use":[15,98],"for":[18],"business.":[19],"Most":[20],"attacks,":[23],"are":[24,29],"either":[25],"because":[26],"developers":[28,95],"not":[30,118],"considering":[31],"as":[33],"a":[34,73,108,147],"concern":[35],"or":[36,116],"flaws":[41],"designing":[43],"and":[44,66,139,146],"developing":[45],"applications.":[47],"enforcement":[49],"software":[54],"development":[55],"life":[56],"cycle":[57],"may":[61,115,117],"reduce":[62],"high":[64],"cost":[65],"efforts":[67],"associated":[68],"with":[69],"implementing":[70],"at":[72],"later":[74],"stage.":[75],"For":[76],"this":[77],"purpose,":[78],"various":[79],"attempts":[80],"has":[81,136],"been":[82,137],"made":[83],"define":[85],"some":[86],"patterns":[88,100],"keeping":[89],"attacks":[91],"mind.":[93],"now":[96],"can":[97],"these":[99],"but":[101],"sometimes":[102],"it":[103],"difficult":[105],"choose":[107],"pattern":[109],"from":[110],"large":[112],"list,":[113],"which":[114],"suit":[119],"context.":[121],"This":[122],"paper":[123],"based":[125],"on":[126],"analyzing":[127],"existing":[129],"patterns.":[131],"Here":[132],"vulnerabilities":[135],"classified":[138],"pairing":[140],"done":[142],"between":[143],"each":[144],"vulnerability":[145],"suitable":[148],"pattern.":[149]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":4},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}