{"id":"https://openalex.org/W2601775261","doi":"https://doi.org/10.1145/3029806.3029838","title":"Sound and Static Analysis of Session Fixation Vulnerabilities in PHP Web Applications","display_name":"Sound and Static Analysis of Session Fixation Vulnerabilities in PHP Web Applications","publication_year":2017,"publication_date":"2017-03-20","ids":{"openalex":"https://openalex.org/W2601775261","doi":"https://doi.org/10.1145/3029806.3029838","mag":"2601775261"},"language":"en","primary_location":{"id":"doi:10.1145/3029806.3029838","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3029806.3029838","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012829250","display_name":"Abdelouahab Amira","orcid":"https://orcid.org/0000-0002-2516-738X"},"institutions":[{"id":"https://openalex.org/I4210095777","display_name":"Centre de Recherche sur l'Information Scientifique et Technique","ror":"https://ror.org/01k1bte55","country_code":"DZ","type":"government","lineage":["https://openalex.org/I4210095777","https://openalex.org/I4210114810"]}],"countries":["DZ"],"is_corresponding":true,"raw_author_name":"Abdelouahab Amira","raw_affiliation_strings":["Research Center on Scientific and Technical Information CERIST & A.MIRA University, Algiers, Algeria"],"affiliations":[{"raw_affiliation_string":"Research Center on Scientific and Technical Information CERIST & A.MIRA University, Algiers, Algeria","institution_ids":["https://openalex.org/I4210095777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062009115","display_name":"Abdelraouf Ouadjaout","orcid":"https://orcid.org/0000-0001-7248-5914"},"institutions":[{"id":"https://openalex.org/I39804081","display_name":"Sorbonne Universit\u00e9","ror":"https://ror.org/02en5vm52","country_code":"FR","type":"education","lineage":["https://openalex.org/I39804081"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Abdelraouf Ouadjaout","raw_affiliation_strings":["LIP6, University Pierre and Marie Curie, Paris, France"],"affiliations":[{"raw_affiliation_string":"LIP6, University Pierre and Marie Curie, Paris, France","institution_ids":["https://openalex.org/I39804081"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081909889","display_name":"Abdelouahid Derhab","orcid":"https://orcid.org/0000-0002-6498-1528"},"institutions":[{"id":"https://openalex.org/I28022161","display_name":"King Saud University","ror":"https://ror.org/02f81g417","country_code":"SA","type":"education","lineage":["https://openalex.org/I28022161"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Abdelouahid Derhab","raw_affiliation_strings":["King Saud University, Riyadh, Saudi Arabia","Center of Excellence in Information Assurance"],"affiliations":[{"raw_affiliation_string":"King Saud University, Riyadh, Saudi Arabia","institution_ids":["https://openalex.org/I28022161"]},{"raw_affiliation_string":"Center of Excellence in Information Assurance","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038562202","display_name":"Nadjib Badache","orcid":null},"institutions":[{"id":"https://openalex.org/I4210095777","display_name":"Centre de Recherche sur l'Information Scientifique et Technique","ror":"https://ror.org/01k1bte55","country_code":"DZ","type":"government","lineage":["https://openalex.org/I4210095777","https://openalex.org/I4210114810"]}],"countries":["DZ"],"is_corresponding":false,"raw_author_name":"Nadjib Badache","raw_affiliation_strings":["Centre de recherche sur l'information scientifique et technique (CERIST), Algiers, Algeria"],"affiliations":[{"raw_affiliation_string":"Centre de recherche sur l'information scientifique et technique (CERIST), Algiers, Algeria","institution_ids":["https://openalex.org/I4210095777"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5012829250"],"corresponding_institution_ids":["https://openalex.org/I4210095777"],"apc_list":null,"apc_paid":null,"fwci":1.67945112,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.86046639,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"139","last_page":"141"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9775000214576721,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8533319234848022},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.7374049425125122},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.6369963884353638},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5265172719955444},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4866064786911011},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.476217120885849},{"id":"https://openalex.org/keywords/abstract-interpretation","display_name":"Abstract interpretation","score":0.4522264301776886},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34543922543525696},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.22587087750434875},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.16899913549423218},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1397877335548401}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8533319234848022},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.7374049425125122},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.6369963884353638},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5265172719955444},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4866064786911011},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.476217120885849},{"id":"https://openalex.org/C2780654840","wikidata":"https://www.wikidata.org/wiki/Q333341","display_name":"Abstract interpretation","level":2,"score":0.4522264301776886},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34543922543525696},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.22587087750434875},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.16899913549423218},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1397877335548401}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3029806.3029838","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3029806.3029838","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-01522368v1","is_oa":false,"landing_page_url":"https://hal.sorbonne-universite.fr/hal-01522368","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CODASPY","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6899999976158142}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W219436511","https://openalex.org/W2043100293","https://openalex.org/W2093077836","https://openalex.org/W2110777392"],"related_works":["https://openalex.org/W1968011359","https://openalex.org/W1836373119","https://openalex.org/W2951137283","https://openalex.org/W4298767027","https://openalex.org/W2020973245","https://openalex.org/W1508927144","https://openalex.org/W4390398618","https://openalex.org/W4232090216","https://openalex.org/W2968467529","https://openalex.org/W2966015578"],"abstract_inverted_index":{"Web":[0],"applications":[1,67],"use":[2,27],"authentication":[3],"mechanisms":[4],"to":[5,9,50,102],"provide":[6],"user-friendly":[7],"content":[8],"users.":[10],"However,":[11],"some":[12],"dangerous":[13],"techniques":[14],"like":[15],"session":[16,29,69],"fixation":[17,70],"attacks":[18],"target":[19],"these":[20],"mechanisms,":[21],"by":[22,34,135],"making":[23],"the":[24,35,44,48,73,80,92,120,166],"legitimate":[25,45],"user":[26,46],"a":[28,60,103,116,139],"identifier":[30],"that":[31,64,83,99,129],"is":[32,79,100,109,115],"controlled":[33],"attacker.":[36],"In":[37,54],"this":[38,55,87],"way,":[39],"he":[40],"can":[41],"then":[42],"impersonate":[43],"without":[47],"need":[49],"know":[51],"his":[52],"credentials.":[53],"paper,":[56],"we":[57],"present":[58],"SAWFIX,":[59],"PHP":[61],"static":[62,127],"analyzer":[63,82],"checks":[65,84],"web":[66,150],"for":[68,86,118],"vulnerabilities.":[71],"To":[72],"best":[74],"of":[75,89,105,122,141,158,168],"our":[76,142,169],"knowledge,":[77],"SAWFIX":[78,108],"first":[81],"exhaustively":[85],"type":[88],"vulnerabilities,":[90],"while":[91],"other":[93],"methods":[94],"only":[95],"ensure":[96],"partial":[97],"correctness":[98],"limited":[101],"fraction":[104],"possible":[106],"executions.":[107],"based":[110],"on":[111,147],"abstract":[112],"interpretation,":[113],"which":[114,164],"theory":[117],"approximating":[119],"semantics":[121],"programs":[123],"and":[124,133,144,161],"allows":[125],"designing":[126],"analyzers":[128],"are":[130],"fully":[131],"automatic":[132],"sound":[134],"construction.":[136],"We":[137,152],"implemented":[138],"prototype":[140],"approach":[143],"tested":[145],"it":[146],"several":[148],"complex":[149],"applications.":[151],"obtained":[153],"promising":[154],"results":[155],"in":[156],"terms":[157],"detection":[159],"accuracy":[160],"processing":[162],"time,":[163],"reflects":[165],"efficiency":[167],"system.":[170]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}