{"id":"https://openalex.org/W2038841294","doi":"https://doi.org/10.1145/2810103.2813625","title":"From Facepalm to Brain Bender","display_name":"From Facepalm to Brain Bender","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2038841294","doi":"https://doi.org/10.1145/2810103.2813625","mag":"2038841294"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2813625","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813625","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087823285","display_name":"Ben Stock","orcid":"https://orcid.org/0000-0001-9659-0700"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Ben Stock","raw_affiliation_strings":["FAU Erlangen-Nuremberg, Erlangen, Germany"],"affiliations":[{"raw_affiliation_string":"FAU Erlangen-Nuremberg, Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039830729","display_name":"Stephan Pfistner","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Stephan Pfistner","raw_affiliation_strings":["SAP SE, Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"SAP SE, Karlsruhe, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043344876","display_name":"Bernd Kaiser","orcid":null},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Bernd Kaiser","raw_affiliation_strings":["FAU Erlangen-Nuremberg, Erlangen, Germany"],"affiliations":[{"raw_affiliation_string":"FAU Erlangen-Nuremberg, Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080377300","display_name":"Sebastian Lekies","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sebastian Lekies","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002067855","display_name":"Martin Johns","orcid":"https://orcid.org/0000-0003-2574-5060"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Martin Johns","raw_affiliation_strings":["SAP SE, Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"SAP SE, Karlsruhe, Germany","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5087823285"],"corresponding_institution_ids":["https://openalex.org/I181369854"],"apc_list":null,"apc_paid":null,"fwci":10.27235514,"has_fulltext":false,"cited_by_count":42,"citation_normalized_percentile":{"value":0.98006259,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1419","last_page":"1430"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9850000143051147,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9574999809265137,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9822466969490051},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8663463592529297},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7126836776733398},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6851863265037537},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5430892705917358},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5128286480903625},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.49988698959350586},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4887697398662567},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.4801730215549469},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4778968095779419},{"id":"https://openalex.org/keywords/captcha","display_name":"CAPTCHA","score":0.46841612458229065},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.4584940969944},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.45682409405708313},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.4161342978477478},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.37333905696868896},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.3334025740623474},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22896096110343933},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1773732304573059},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.13339504599571228},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.11490553617477417}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9822466969490051},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8663463592529297},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7126836776733398},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6851863265037537},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5430892705917358},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5128286480903625},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.49988698959350586},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4887697398662567},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.4801730215549469},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4778968095779419},{"id":"https://openalex.org/C163339463","wikidata":"https://www.wikidata.org/wiki/Q484598","display_name":"CAPTCHA","level":2,"score":0.46841612458229065},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.4584940969944},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.45682409405708313},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.4161342978477478},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.37333905696868896},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.3334025740623474},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22896096110343933},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1773732304573059},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.13339504599571228},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.11490553617477417},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2810103.2813625","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813625","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5699999928474426}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W133470593","https://openalex.org/W1577719850","https://openalex.org/W1991074244","https://openalex.org/W1999753800","https://openalex.org/W2043837581","https://openalex.org/W2048297044","https://openalex.org/W2049214202","https://openalex.org/W2055765785","https://openalex.org/W2071484336","https://openalex.org/W2090924529","https://openalex.org/W2094568767","https://openalex.org/W2095851690","https://openalex.org/W2101678831","https://openalex.org/W2134646643","https://openalex.org/W2137789775","https://openalex.org/W2155735696","https://openalex.org/W2165004968","https://openalex.org/W2177614278","https://openalex.org/W2405282478","https://openalex.org/W2612754285","https://openalex.org/W4233177776"],"related_works":["https://openalex.org/W3212134035","https://openalex.org/W2907490423","https://openalex.org/W2998205945","https://openalex.org/W2611265297","https://openalex.org/W1976299830","https://openalex.org/W2548409577","https://openalex.org/W1531015913","https://openalex.org/W3180404666","https://openalex.org/W2407701912","https://openalex.org/W1484631816"],"abstract_inverted_index":{"Although":[0],"studies":[1],"have":[2,26,156],"shown":[3],"that":[4,148,201],"at":[5],"least":[6],"one":[7],"in":[8,30,33,132],"ten":[9],"Web":[10],"pages":[11],"contains":[12],"a":[13,38,52,66,84,90,116,139,150,157,163],"client-side":[14,189],"XSS":[15,190],"vulnerability,":[16],"the":[17,60,107,111,122,186,202],"prevalent":[18],"causes":[19,204],"for":[20,102,205],"this":[21,34,48],"class":[22],"of":[23,54,71,110,118,124,153,166,188,196],"Cross-Site":[24,207],"Scripting":[25,208],"not":[27],"been":[28],"studied":[29],"depth.":[31],"Therefore,":[32],"paper,":[35],"we":[36,50,94,114,146,178],"present":[37],"large-scale":[39],"study":[40],"to":[41,77,82,120,137,185,213],"gain":[42,179],"insight":[43],"into":[44,181],"these":[45],"causes.":[46],"To":[47],"end,":[49],"analyze":[51],"set":[53,117,135],"1,273":[55],"real-world":[56],"vulnerabilities":[57,81,131,155],"contained":[58],"on":[59,106],"Alexa":[61],"Top":[62],"10k":[63],"domains":[64],"using":[65],"specifically":[67],"designed":[68],"architecture,":[69],"consisting":[70],"an":[72],"infrastructure":[73],"which":[74],"allows":[75],"us":[76],"persist":[78],"and":[79,168,199,216],"replay":[80],"ensure":[83],"sound":[85],"analysis.":[86,142],"In":[87,143,176],"combination":[88],"with":[89],"taint-aware":[91],"browsing":[92],"engine,":[93],"can":[95],"therefore":[96],"collect":[97],"important":[98],"execution":[99],"trace":[100],"information":[101],"all":[103,130,154],"flaws.":[104],"Based":[105],"observable":[108],"characteristics":[109],"vulnerable":[112,173],"JavaScript,":[113],"derive":[115],"metrics":[119],"measure":[121],"complexity":[123,159,167],"each":[125],"flaw.":[126],"We":[127],"subsequently":[128],"classify":[129],"our":[133],"data":[134],"accordingly":[136],"enable":[138],"more":[140],"systematic":[141],"doing":[144],"so,":[145],"find":[147,200],"although":[149],"large":[151],"portion":[152],"low":[158],"rating,":[160],"several":[161],"incur":[162],"significant":[164],"level":[165],"are":[169],"repeatedly":[170],"caused":[171],"by":[172],"third-party":[174,217],"scripts.":[175],"addition,":[177],"insights":[180],"other":[182],"factors":[183],"related":[184],"existence":[187],"flaws,":[191],"such":[192],"as":[193],"missing":[194],"knowledge":[195],"browser-provided":[197],"APIs,":[198],"root":[203],"Client-Side":[206],"range":[209],"from":[210],"unaware":[211],"developers":[212],"incompatible":[214],"first-":[215],"code.":[218]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}