{"id":"https://openalex.org/W2400965960","doi":"https://doi.org/10.1145/2897845.2897889","title":"Half-Baked Cookies","display_name":"Half-Baked Cookies","publication_year":2016,"publication_date":"2016-05-27","ids":{"openalex":"https://openalex.org/W2400965960","doi":"https://doi.org/10.1145/2897845.2897889","mag":"2400965960"},"language":"en","primary_location":{"id":"doi:10.1145/2897845.2897889","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897845.2897889","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053697124","display_name":"Yogesh Mundada","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yogesh Mundada","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068586837","display_name":"Nick Feamster","orcid":"https://orcid.org/0000-0001-9315-5201"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nick Feamster","raw_affiliation_strings":["Princeton University, Princeton, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Princeton University, Princeton, USA","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110245986","display_name":"Balachander Krishnamurthy","orcid":null},"institutions":[{"id":"https://openalex.org/I1283103587","display_name":"AT&T (United States)","ror":"https://ror.org/02bbd5539","country_code":"US","type":"company","lineage":["https://openalex.org/I1283103587"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Balachander Krishnamurthy","raw_affiliation_strings":["AT&amp;T Labs Research, New Jersey, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"AT&amp;T Labs Research, New Jersey, USA","institution_ids":["https://openalex.org/I1283103587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"675","last_page":"685"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/programmer","display_name":"Programmer","score":0.8376569151878357},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7928474545478821},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.7163870334625244},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5672498941421509},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42052754759788513},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4127233922481537},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12115025520324707}],"concepts":[{"id":"https://openalex.org/C2778514511","wikidata":"https://www.wikidata.org/wiki/Q1374194","display_name":"Programmer","level":2,"score":0.8376569151878357},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7928474545478821},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.7163870334625244},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5672498941421509},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42052754759788513},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4127233922481537},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12115025520324707}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2897845.2897889","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897845.2897889","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W95608104","https://openalex.org/W219436511","https://openalex.org/W1475974720","https://openalex.org/W1506285740","https://openalex.org/W1605786385","https://openalex.org/W1667466877","https://openalex.org/W1888717584","https://openalex.org/W1978174042","https://openalex.org/W2008251338","https://openalex.org/W2079029214","https://openalex.org/W2099474262","https://openalex.org/W2146595241","https://openalex.org/W2148939418","https://openalex.org/W2229919479","https://openalex.org/W2255369088","https://openalex.org/W2272562791","https://openalex.org/W2300554752"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2379153735","https://openalex.org/W2046172023","https://openalex.org/W2972896947","https://openalex.org/W2170146914","https://openalex.org/W2355105570","https://openalex.org/W2083974823","https://openalex.org/W2072751097","https://openalex.org/W2015567081","https://openalex.org/W2912135041"],"abstract_inverted_index":{"Modern":[0],"websites":[1,175],"use":[2,35],"multiple":[3],"authentication":[4,37,91,110],"cookies":[5,38,111],"to":[6,9,31,49,73,85,102,108,119,127,133,171,190],"allow":[7],"visitors":[8],"the":[10,34,52,60,88,116,128,138,181],"site":[11],"different":[12],"levels":[13],"of":[14,18,36,51,115,149,160],"access.":[15],"The":[16],"complexity":[17],"modern":[19,82],"web":[20,28,67,83,105],"applications":[21],"can":[22,57],"make":[23],"it":[24],"difficult":[25],"for":[26,81,112],"a":[27,45,79,99,104,147],"application":[29,106],"programmer":[30,46,107],"ensure":[32],"that":[33,87,121,158,183],"does":[39],"not":[40],"introduce":[41],"vulnerabilities.":[42],"Even":[43],"when":[44,66],"has":[47],"access":[48],"all":[50],"source":[53],"code,":[54],"this":[55],"analysis":[56],"be":[58],"challenging;":[59],"problem":[61],"becomes":[62],"even":[63],"more":[64],"vexing":[65],"programmers":[68,84],"cobble":[69],"together":[70],"off-the-shelf":[71],"libraries":[72],"implement":[74],"authentication.":[75],"We":[76,130,156],"have":[77,176],"assembled":[78],"checklist":[80],"verify":[86,120],"cookie":[89],"based":[90],"mechanism":[92],"is":[93],"securely":[94,124],"implemented.":[95],"Then,":[96],"we":[97,184],"developed":[98],"tool,":[100],"Newton,":[101],"help":[103],"identify":[109],"specific":[113],"parts":[114],"website":[117],"and":[118,141,154,168,179,188],"they":[122],"are":[123],"implemented":[125],"according":[126],"checklist.":[129],"used":[131],"Newton":[132,187],"analyze":[134],"149":[135],"sites,":[136],"including":[137,151],"Alexa":[139],"top-200":[140],"many":[142],"other":[143],"popular":[144],"sites":[145,163],"across":[146],"range":[148],"categories":[150],"search,":[152],"shopping,":[153],"finance.":[155],"found":[157,185],"113":[159],"them---including":[161],"high-profile":[162],"such":[164],"as":[165],"Yahoo,":[166],"Amazon,":[167],"Fidelity---were":[169],"vulnerable":[170],"hijacking":[172],"attacks.":[173],"Many":[174],"already":[177],"acknowledged":[178],"fixed":[180],"vulnerabilities":[182],"using":[186],"reported":[189],"them.":[191]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":1}],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2016-06-24T00:00:00"}
