{"id":"https://openalex.org/W1971800255","doi":"https://doi.org/10.1145/2566486.2568024","title":"Automatic detection and correction of web application vulnerabilities using data mining to predict false positives","display_name":"Automatic detection and correction of web application vulnerabilities using data mining to predict false positives","publication_year":2014,"publication_date":"2014-04-07","ids":{"openalex":"https://openalex.org/W1971800255","doi":"https://doi.org/10.1145/2566486.2568024","mag":"1971800255"},"language":"en","primary_location":{"id":"doi:10.1145/2566486.2568024","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2566486.2568024","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 23rd international conference on World wide web","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058688939","display_name":"Ib\u00e9ria Medeiros","orcid":"https://orcid.org/0000-0003-4478-8680"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Ib\u00e9ria Medeiros","raw_affiliation_strings":["University of Lisboa, Faculty of Sciences, Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Lisboa, Faculty of Sciences, Lisboa, Portugal","institution_ids":["https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072404521","display_name":"Nuno Neves","orcid":"https://orcid.org/0000-0003-0411-4542"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno F. Neves","raw_affiliation_strings":["University of Lisboa, Faculty of Sciences, Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Lisboa, Faculty of Sciences, Lisboa, Portugal","institution_ids":["https://openalex.org/I141596103"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016455665","display_name":"Miguel Correia","orcid":"https://orcid.org/0000-0001-7873-5531"},"institutions":[{"id":"https://openalex.org/I4387152517","display_name":"Instituto Superior T\u00e9cnico","ror":"https://ror.org/03db2by73","country_code":null,"type":"education","lineage":["https://openalex.org/I141596103","https://openalex.org/I4387152517"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Miguel Correia","raw_affiliation_strings":["University of Lisboa, Instituto Superior T\u00e9cnico, Lisboa, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Lisboa, Instituto Superior T\u00e9cnico, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I4387152517"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5058688939"],"corresponding_institution_ids":["https://openalex.org/I141596103"],"apc_list":null,"apc_paid":null,"fwci":17.9978,"has_fulltext":false,"cited_by_count":89,"citation_normalized_percentile":{"value":0.98967784,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"63","last_page":"74"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.8929641246795654},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.86707603931427},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7882815599441528},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.6810120344161987},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.5980277061462402},{"id":"https://openalex.org/keywords/true-positive-rate","display_name":"True positive rate","score":0.5182640552520752},{"id":"https://openalex.org/keywords/coding","display_name":"Coding (social sciences)","score":0.511508584022522},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4922238886356354},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4876517057418823},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.44213494658470154},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.42027032375335693},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.3987891674041748},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.2695677876472473},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2515902519226074},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.219228595495224},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.19851034879684448},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1870691180229187},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.17114749550819397},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14423084259033203},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12583670020103455}],"concepts":[{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.8929641246795654},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.86707603931427},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7882815599441528},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.6810120344161987},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.5980277061462402},{"id":"https://openalex.org/C2989486834","wikidata":"https://www.wikidata.org/wiki/Q3808900","display_name":"True positive rate","level":2,"score":0.5182640552520752},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.511508584022522},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4922238886356354},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4876517057418823},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.44213494658470154},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.42027032375335693},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.3987891674041748},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2695677876472473},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2515902519226074},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.219228595495224},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.19851034879684448},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1870691180229187},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.17114749550819397},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14423084259033203},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12583670020103455},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2566486.2568024","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2566486.2568024","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 23rd international conference on World wide web","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5199999809265137,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320334779","display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","ror":"https://ror.org/00snfqn58"},{"id":"https://openalex.org/F4320334960","display_name":"Seventh Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W1505842519","https://openalex.org/W1511560695","https://openalex.org/W1565113942","https://openalex.org/W1565746575","https://openalex.org/W1570448133","https://openalex.org/W1598083179","https://openalex.org/W1975040830","https://openalex.org/W1983142587","https://openalex.org/W1985987493","https://openalex.org/W1997389706","https://openalex.org/W2001693166","https://openalex.org/W2003115932","https://openalex.org/W2007999111","https://openalex.org/W2008158744","https://openalex.org/W2008857097","https://openalex.org/W2014590767","https://openalex.org/W2015729052","https://openalex.org/W2020841721","https://openalex.org/W2043837581","https://openalex.org/W2088498570","https://openalex.org/W2096791889","https://openalex.org/W2105742204","https://openalex.org/W2105776892","https://openalex.org/W2106919779","https://openalex.org/W2110514745","https://openalex.org/W2112962899","https://openalex.org/W2120361464","https://openalex.org/W2122049982","https://openalex.org/W2129362719","https://openalex.org/W2130069807","https://openalex.org/W2146455667","https://openalex.org/W2148001343","https://openalex.org/W2149382744","https://openalex.org/W2160138611","https://openalex.org/W2164582878","https://openalex.org/W2166336492","https://openalex.org/W2166602595","https://openalex.org/W2912410914","https://openalex.org/W2914982603","https://openalex.org/W2966207845","https://openalex.org/W2997546679"],"related_works":["https://openalex.org/W2027184711","https://openalex.org/W3129715955","https://openalex.org/W1557094818","https://openalex.org/W4287692494","https://openalex.org/W3047594718","https://openalex.org/W2953243682","https://openalex.org/W4308823623","https://openalex.org/W2292865721","https://openalex.org/W1971800255","https://openalex.org/W2540423276"],"abstract_inverted_index":{"Web":[0],"application":[1],"security":[2],"is":[3,16,40],"an":[4,88,169],"important":[5],"problem":[6,39],"in":[7,156,164],"today's":[8],"internet.":[9],"A":[10],"major":[11],"cause":[12],"of":[13,66,75,78,108,146,178],"this":[14,38,142],"status":[15],"that":[17,61,91,133],"many":[18,58],"programmers":[19],"do":[20,149],"not":[21],"have":[22],"adequate":[23],"knowledge":[24,124,134],"about":[25,125],"secure":[26],"coding,":[27],"so":[28],"they":[29],"leave":[30],"applications":[31],"with":[32,83,174],"vulnerabilities.":[33],"An":[34],"approach":[35,100,112,161],"to":[36,41,47,56,80,95,104],"solve":[37],"use":[42,74],"source":[43,158,180],"code":[44,151],"static":[45],"analysis":[46,94],"find":[48],"these":[49,52],"bugs,":[50],"but":[51],"tools":[53],"are":[54],"known":[55],"report":[57],"false":[59,85,109],"positives":[60],"make":[62],"hard":[63],"the":[64,68,73,106,123,157,165],"task":[65],"correcting":[67],"application.":[69],"This":[70,111],"paper":[71],"explores":[72],"a":[76,114,175],"hybrid":[77],"methods":[79],"detect":[81],"vulnerabilities":[82,126],"less":[84],"positives.":[86,110],"After":[87],"initial":[89],"step":[90],"uses":[92,101],"taint":[93,128],"flag":[96],"candidate":[97],"vulnerabilities,":[98],"our":[99],"data":[102,139],"mining":[103],"predict":[105],"existence":[107],"reaches":[113],"trade-off":[115],"between":[116],"two":[117],"apparently":[118],"opposite":[119],"approaches:":[120],"humans":[121],"coding":[122],"(for":[127],"analysis)":[129],"versus":[130],"automatically":[131],"obtaining":[132],"(with":[135],"machine":[136],"learning,":[137],"for":[138],"mining).":[140],"Given":[141],"more":[143],"precise":[144],"form":[145],"detection,":[147],"we":[148],"automatic":[150],"correction":[152],"by":[153],"inserting":[154],"fixes":[155],"code.":[159],"The":[160],"was":[162,172],"implemented":[163],"WAP":[166],"tool":[167],"and":[168],"experimental":[170],"evaluation":[171],"performed":[173],"large":[176],"set":[177],"open":[179],"PHP":[181],"applications.":[182]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":13},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":12},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":8}],"updated_date":"2026-04-12T07:58:50.170612","created_date":"2025-10-10T00:00:00"}