{"id":"https://openalex.org/W2148939418","doi":"https://doi.org/10.1145/2046707.2046777","title":"Fortifying web-based applications automatically","display_name":"Fortifying web-based applications automatically","publication_year":2011,"publication_date":"2011-10-17","ids":{"openalex":"https://openalex.org/W2148939418","doi":"https://doi.org/10.1145/2046707.2046777","mag":"2148939418"},"language":"en","primary_location":{"id":"doi:10.1145/2046707.2046777","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046777","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002285642","display_name":"Shuo Tang","orcid":"https://orcid.org/0009-0000-4531-2858"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Shuo Tang","raw_affiliation_strings":["University of Illinois, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana, IL, USA","institution_ids":["https://openalex.org/I2801919071"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043375112","display_name":"Nathan Dautenhahn","orcid":"https://orcid.org/0000-0001-8456-6957"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nathan Dautenhahn","raw_affiliation_strings":["University of Illinois, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana, IL, USA","institution_ids":["https://openalex.org/I2801919071"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112039412","display_name":"Samuel T. King","orcid":null},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Samuel T. King","raw_affiliation_strings":["University of Illinois, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana, IL, USA","institution_ids":["https://openalex.org/I2801919071"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5002285642"],"corresponding_institution_ids":["https://openalex.org/I2801919071"],"apc_list":null,"apc_paid":null,"fwci":8.1285,"has_fulltext":false,"cited_by_count":35,"citation_normalized_percentile":{"value":0.97202869,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"615","last_page":"626"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.793561577796936},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.7847863435745239},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.6455915570259094},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.6422394514083862},{"id":"https://openalex.org/keywords/client-side-scripting","display_name":"Client-side scripting","score":0.6395071744918823},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6210167407989502},{"id":"https://openalex.org/keywords/web-api","display_name":"Web API","score":0.6200958490371704},{"id":"https://openalex.org/keywords/web-modeling","display_name":"Web modeling","score":0.6164252161979675},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.5872329473495483},{"id":"https://openalex.org/keywords/web-standards","display_name":"Web standards","score":0.5777385234832764},{"id":"https://openalex.org/keywords/web-navigation","display_name":"Web navigation","score":0.5544999241828918},{"id":"https://openalex.org/keywords/web-design","display_name":"Web design","score":0.5177940130233765},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.48658597469329834},{"id":"https://openalex.org/keywords/mashup","display_name":"Mashup","score":0.4857642948627472},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4701438248157501},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.4227157235145569},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.23494860529899597}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.793561577796936},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.7847863435745239},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.6455915570259094},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.6422394514083862},{"id":"https://openalex.org/C195274430","wikidata":"https://www.wikidata.org/wiki/Q1650567","display_name":"Client-side scripting","level":5,"score":0.6395071744918823},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6210167407989502},{"id":"https://openalex.org/C127613066","wikidata":"https://www.wikidata.org/wiki/Q557770","display_name":"Web API","level":4,"score":0.6200958490371704},{"id":"https://openalex.org/C130436687","wikidata":"https://www.wikidata.org/wiki/Q7978591","display_name":"Web modeling","level":3,"score":0.6164252161979675},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.5872329473495483},{"id":"https://openalex.org/C182321512","wikidata":"https://www.wikidata.org/wiki/Q1153289","display_name":"Web standards","level":3,"score":0.5777385234832764},{"id":"https://openalex.org/C61096286","wikidata":"https://www.wikidata.org/wiki/Q7978592","display_name":"Web navigation","level":3,"score":0.5544999241828918},{"id":"https://openalex.org/C521306242","wikidata":"https://www.wikidata.org/wiki/Q190637","display_name":"Web design","level":3,"score":0.5177940130233765},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.48658597469329834},{"id":"https://openalex.org/C196126337","wikidata":"https://www.wikidata.org/wiki/Q821080","display_name":"Mashup","level":4,"score":0.4857642948627472},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4701438248157501},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.4227157235145569},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.23494860529899597}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2046707.2046777","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046777","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7300000190734863}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1222699389","https://openalex.org/W1492437080","https://openalex.org/W1543478129","https://openalex.org/W1705596515","https://openalex.org/W1888717584","https://openalex.org/W1907897959","https://openalex.org/W1973556911","https://openalex.org/W1995875735","https://openalex.org/W2025874281","https://openalex.org/W2053739444","https://openalex.org/W2072978486","https://openalex.org/W2083940415","https://openalex.org/W2089180764","https://openalex.org/W2122847456","https://openalex.org/W2159079348","https://openalex.org/W2168563136","https://openalex.org/W2170920217","https://openalex.org/W2171049321","https://openalex.org/W2405282478","https://openalex.org/W2746937343","https://openalex.org/W4249902158"],"related_works":["https://openalex.org/W153860273","https://openalex.org/W2006586554","https://openalex.org/W141137031","https://openalex.org/W3203975066","https://openalex.org/W1909822857","https://openalex.org/W1978163412","https://openalex.org/W2285505360","https://openalex.org/W2175076943","https://openalex.org/W2031340751","https://openalex.org/W1998455245"],"abstract_inverted_index":{"Browser":[0],"designers":[1],"create":[2],"security":[3,40,79],"mechanisms":[4,41,80],"to":[5,18,42,69,73,81,90,112],"help":[6],"web":[7,10,13,44,52,59,83,95,146],"developers":[8,14,147],"protect":[9,91],"applications,":[11],"but":[12],"are":[15],"usually":[16],"slow":[17],"use":[19],"these":[20],"features":[21],"in":[22],"web-based":[23],"applications":[24],"(web":[25],"apps).":[26],"In":[27],"this":[28,87],"paper":[29],"we":[30],"introduce":[31],"Zan,":[32],"a":[33],"browser-based":[34],"system":[35],"for":[36,76,118,132],"applying":[37,77],"new":[38,78,88],"browser":[39,72],"legacy":[43],"apps":[45,53,96],"automatically.":[46],"Our":[47],"key":[48,64],"insight":[49],"is":[50],"that":[51,126],"often":[54],"contain":[55],"enough":[56],"information,":[57],"via":[58],"developer":[60],"source-code":[61],"patterns":[62],"or":[63],"properties":[65],"of":[66,120,135],"web-app":[67],"objects,":[68],"allow":[70],"the":[71,113,121,133,145],"infer":[74],"opportunities":[75],"existing":[82],"apps.":[84],"We":[85,107,124],"apply":[86],"concept":[89],"authentication":[92],"cookies,":[93],"prevent":[94],"from":[97,144],"being":[98],"framed":[99],"unwittingly,":[100],"and":[101,148],"perform":[102],"JavaScript":[103],"object":[104],"deserialization":[105],"safely.":[106],"evaluate":[108],"Zan":[109,127],"on":[110],"up":[111],"1000":[114],"most":[115],"popular":[116],"websites":[117,138],"each":[119],"three":[122],"cases.":[123],"find":[125],"can":[128],"provide":[129],"complimentary":[130],"protection":[131],"majority":[134],"potentially":[136],"applicable":[137],"automatically":[139],"without":[140],"requiring":[141],"additional":[142],"code":[143],"with":[149],"negligible":[150],"incompatibility":[151],"impact.":[152]},"counts_by_year":[{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":6},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}