{"id":"https://openalex.org/W2553637483","doi":"https://doi.org/10.1145/2987386.2987432","title":"Runtime Input Validation for Java Web Applications using Static Bytecode Instrumentation","display_name":"Runtime Input Validation for Java Web Applications using Static Bytecode Instrumentation","publication_year":2016,"publication_date":"2016-10-11","ids":{"openalex":"https://openalex.org/W2553637483","doi":"https://doi.org/10.1145/2987386.2987432","mag":"2553637483"},"language":"en","primary_location":{"id":"doi:10.1145/2987386.2987432","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2987386.2987432","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the International Conference on Research in Adaptive and Convergent Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046420199","display_name":"Sangwook Cho","orcid":null},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Sangwook Cho","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081575236","display_name":"Gyoosik Kim","orcid":null},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Gyoosik Kim","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064210973","display_name":"Seong-je Cho","orcid":"https://orcid.org/0000-0001-9917-0429"},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seong-je Cho","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039803598","display_name":"Jongmoo Choi","orcid":"https://orcid.org/0000-0003-2042-6327"},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jongmoo Choi","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101428284","display_name":"Minkyu Park","orcid":"https://orcid.org/0000-0002-1426-1944"},"institutions":[{"id":"https://openalex.org/I24062138","display_name":"Konkuk University","ror":"https://ror.org/025h1m602","country_code":"KR","type":"education","lineage":["https://openalex.org/I24062138"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Minkyu Park","raw_affiliation_strings":["Dept. of Computer Engineering, Konkuk University, Chungju, Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Engineering, Konkuk University, Chungju, Korea","institution_ids":["https://openalex.org/I24062138"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067982243","display_name":"Sangchul Han","orcid":"https://orcid.org/0000-0001-6100-103X"},"institutions":[{"id":"https://openalex.org/I24062138","display_name":"Konkuk University","ror":"https://ror.org/025h1m602","country_code":"KR","type":"education","lineage":["https://openalex.org/I24062138"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sangchul Han","raw_affiliation_strings":["Dept. of Computer Engineering, Konkuk University, Chungju, Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Engineering, Konkuk University, Chungju, Korea","institution_ids":["https://openalex.org/I24062138"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5046420199"],"corresponding_institution_ids":["https://openalex.org/I89015989"],"apc_list":null,"apc_paid":null,"fwci":0.6635,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.8038345,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"148","last_page":"152"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9830999970436096,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8864234089851379},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.7993353605270386},{"id":"https://openalex.org/keywords/bytecode","display_name":"Bytecode","score":0.6265689730644226},{"id":"https://openalex.org/keywords/java-bytecode","display_name":"Java bytecode","score":0.5924093723297119},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.5688993334770203},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.562941312789917},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.4769783914089203},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.41251468658447266},{"id":"https://openalex.org/keywords/java-applet","display_name":"Java applet","score":0.38847142457962036},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3688773810863495},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3430287539958954},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.30816298723220825},{"id":"https://openalex.org/keywords/java-annotation","display_name":"Java annotation","score":0.29583728313446045},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14761599898338318},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.1276317536830902},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.11824026703834534}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8864234089851379},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.7993353605270386},{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.6265689730644226},{"id":"https://openalex.org/C2777472213","wikidata":"https://www.wikidata.org/wiki/Q137496","display_name":"Java bytecode","level":5,"score":0.5924093723297119},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.5688993334770203},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.562941312789917},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.4769783914089203},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.41251468658447266},{"id":"https://openalex.org/C15524039","wikidata":"https://www.wikidata.org/wiki/Q865817","display_name":"Java applet","level":3,"score":0.38847142457962036},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3688773810863495},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3430287539958954},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.30816298723220825},{"id":"https://openalex.org/C168702491","wikidata":"https://www.wikidata.org/wiki/Q567345","display_name":"Java annotation","level":4,"score":0.29583728313446045},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14761599898338318},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.1276317536830902},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.11824026703834534},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2987386.2987432","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2987386.2987432","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the International Conference on Research in Adaptive and Convergent Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6600000262260437}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1603532378","https://openalex.org/W1948712562","https://openalex.org/W2095851690","https://openalex.org/W2112034658","https://openalex.org/W2135560834","https://openalex.org/W2153919898","https://openalex.org/W2163049969","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W4312406950","https://openalex.org/W3188339517","https://openalex.org/W2611747598","https://openalex.org/W2549898710","https://openalex.org/W2166381878","https://openalex.org/W2955734438","https://openalex.org/W2504194819","https://openalex.org/W3132720240","https://openalex.org/W2080399439","https://openalex.org/W2355067558"],"abstract_inverted_index":{"As":[0],"web":[1,12,14,33,69,127,147],"applications":[2,15,70,128],"is":[3],"becoming":[4],"more":[5],"prominent":[6],"due":[7],"to":[8,24],"the":[9,100,108,121,134,137,159],"ubiquity":[10],"of":[11,40,67,107,136],"services,":[13],"have":[16],"become":[17],"main":[18],"targets":[19],"for":[20,82],"attackers.":[21],"In":[22],"order":[23],"steal":[25],"or":[26,85],"leak":[27],"sensitive":[28],"user":[29],"data":[30],"managed":[31],"by":[32,150],"applications,":[34],"attackers":[35],"exploit":[36],"a":[37,60],"wide":[38],"range":[39],"input":[41,65,77,105,122,164],"validation":[42,123,165],"vulnerabilities":[43,124,166],"such":[44,167],"as":[45,168],"SQL":[46,169],"injection,":[47],"path":[48,172],"traversal":[49],"(or":[50],"directory":[51],"traversal),":[52],"cross-site":[53],"scripting":[54],"(XSS),":[55],"etc.":[56],"This":[57],"paper":[58],"propose":[59],"technique":[61,80,118,161],"that":[62,158],"can":[63,119],"verify":[64],"values":[66,106],"Java-based":[68,126],"using":[71],"static":[72],"bytecode":[73,96,102],"instrumentation":[74],"and":[75,93,110,171],"runtime":[76],"validation.":[78],"The":[79,116,154],"searches":[81],"target":[83],"methods":[84],"object":[86],"constructors":[87],"in":[88,125],"compiled":[89],"Java":[90],"class":[91],"files,":[92],"statically":[94],"inserts":[95],"modules.":[97],"At":[98],"runtime,":[99],"instrumented":[101],"modules":[103],"validate":[104],"targets,":[109],"take":[111],"countermeasure":[112],"against":[113],"malicious":[114],"inputs.":[115],"proposed":[117,138,160],"mitigate":[120],"without":[129],"source":[130],"codes.":[131],"To":[132],"evaluate":[133],"effectiveness":[135],"technique,":[139],"experiments":[140],"are":[141],"carried":[142],"out":[143],"with":[144],"an":[145],"insecure":[146],"application":[148],"maintained":[149],"OWASP":[151],"WebGoat":[152],"Project.":[153],"experimental":[155],"results":[156],"show":[157],"successfully":[162],"mitigates":[163],"injection":[170],"traversal.":[173]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}