{"id":"https://openalex.org/W1963918138","doi":"https://doi.org/10.1145/2590296.2590324","title":"Scanning of real-world web applications for parameter tampering vulnerabilities","display_name":"Scanning of real-world web applications for parameter tampering vulnerabilities","publication_year":2014,"publication_date":"2014-05-30","ids":{"openalex":"https://openalex.org/W1963918138","doi":"https://doi.org/10.1145/2590296.2590324","mag":"1963918138"},"language":"en","primary_location":{"id":"doi:10.1145/2590296.2590324","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2590296.2590324","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 9th ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1204.1216","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021268885","display_name":"Adonis P. H. Fung","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Adonis P.H. Fung","raw_affiliation_strings":["The Chinese University of Hong Kong, Shatin NT, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Shatin NT, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057941531","display_name":"Tielei Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tielei Wang","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA","Georgia Institute of Technology Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022791783","display_name":"William K. Cheung","orcid":"https://orcid.org/0000-0002-7428-2050"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"K. W. Cheung","raw_affiliation_strings":["The Chinese University of Hong Kong, Shatin NT, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Shatin NT, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103351367","display_name":"T. Y. Wong","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"T. Y. Wong","raw_affiliation_strings":["The Chinese University of Hong Kong, Shatin NT, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Shatin NT, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5021268885"],"corresponding_institution_ids":["https://openalex.org/I177725633"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.14174895,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"341","last_page":"352"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9172072410583496},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8134801387786865},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6351923942565918},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.5959036946296692},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.49404433369636536},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4311956465244293},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42853325605392456},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.41223666071891785},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.41036462783813477},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2932206392288208},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.25942420959472656},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.232284814119339},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.22807642817497253},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.16769170761108398},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.07853201031684875}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9172072410583496},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8134801387786865},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6351923942565918},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.5959036946296692},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.49404433369636536},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4311956465244293},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42853325605392456},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.41223666071891785},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.41036462783813477},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2932206392288208},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.25942420959472656},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.232284814119339},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.22807642817497253},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.16769170761108398},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.07853201031684875},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2590296.2590324","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2590296.2590324","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 9th ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1204.1216","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1204.1216","pdf_url":"https://arxiv.org/pdf/1204.1216","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1204.1216","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1204.1216","pdf_url":"https://arxiv.org/pdf/1204.1216","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W33764377","https://openalex.org/W1222699389","https://openalex.org/W1489243061","https://openalex.org/W1834251436","https://openalex.org/W1861561811","https://openalex.org/W1979931683","https://openalex.org/W1980694458","https://openalex.org/W2001496424","https://openalex.org/W2007842496","https://openalex.org/W2079358531","https://openalex.org/W2089775132","https://openalex.org/W2094568767","https://openalex.org/W2144271133","https://openalex.org/W2144621365","https://openalex.org/W2162720432","https://openalex.org/W2166510103","https://openalex.org/W2193288339","https://openalex.org/W2408152660","https://openalex.org/W2841360671","https://openalex.org/W2900899122","https://openalex.org/W2915472497","https://openalex.org/W4246597393"],"related_works":["https://openalex.org/W2626999804","https://openalex.org/W4250004941","https://openalex.org/W2736202444","https://openalex.org/W2049015391","https://openalex.org/W2137014442","https://openalex.org/W1533158771","https://openalex.org/W122082928","https://openalex.org/W2104288289","https://openalex.org/W2521397622","https://openalex.org/W4294067941"],"abstract_inverted_index":{"Web":[0],"applications":[1,40],"require":[2],"exchanging":[3],"parameters":[4,26],"between":[5],"a":[6,9,35,102,133,142],"client":[7],"and":[8,32,37,45,81,109,117],"server":[10,33,123],"to":[11,42,63,87,105],"function":[12],"properly.":[13],"In":[14,97],"real-world":[15],"systems":[16],"such":[17],"as":[18],"online":[19],"banking":[20,153],"transfer,":[21],"traversing":[22],"multiple":[23,50],"pages":[24],"with":[25],"contributed":[27],"by":[28,131],"both":[29],"the":[30,39,69,107,129,150],"user":[31],"is":[34,60],"must,":[36],"hence":[38],"have":[41],"enforce":[43],"workflow":[44,108],"parameter":[46,64,110,136],"dependency":[47],"controls":[48],"across":[49],"requests.":[51],"An":[52],"application":[53],"that":[54],"applies":[55],"insufficient":[56],"server-side":[57],"input":[58],"validations":[59],"however":[61,76],"vulnerable":[62,95],"tampering":[65,137],"attacks,":[66],"which":[67,113,155],"manipulate":[68],"exchanged":[70],"parameters.":[71],"Existing":[72],"fuzzing-based":[73],"scanning":[74],"approaches":[75],"neglected":[77],"these":[78],"important":[79],"controls,":[80],"this":[82,98],"caused":[83],"their":[84],"fuzzing":[85],"requests":[86],"be":[88],"dropped":[89],"before":[90],"they":[91],"can":[92],"reach":[93],"any":[94],"code.":[96],"paper,":[99],"we":[100],"propose":[101],"novel":[103],"approach":[104,130],"identify":[106],"dependent":[111],"constraints,":[112],"are":[114],"then":[115],"maintained":[116],"leveraged":[118],"for":[119],"automatic":[120],"detection":[121],"of":[122,144],"acceptances":[124],"during":[125],"fuzzing.":[126],"We":[127],"realized":[128],"building":[132],"generic":[134],"blackbox":[135],"scanner.":[138],"It":[139],"successfully":[140],"uncovered":[141],"number":[143],"severe":[145],"vulnerabilities,":[146],"including":[147],"one":[148],"from":[149],"largest":[151],"multi-national":[152],"website,":[154],"other":[156],"scanners":[157],"miss.":[158]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2016-06-24T00:00:00"}