{"id":"https://openalex.org/W2735026211","doi":"https://doi.org/10.1145/3106237.3122822","title":"JoanAudit: a tool for auditing common injection vulnerabilities","display_name":"JoanAudit: a tool for auditing common injection vulnerabilities","publication_year":2017,"publication_date":"2017-08-02","ids":{"openalex":"https://openalex.org/W2735026211","doi":"https://doi.org/10.1145/3106237.3122822","mag":"2735026211"},"language":"en","primary_location":{"id":"doi:10.1145/3106237.3122822","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3122822","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ink.library.smu.edu.sg/sis_research/4776","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073647793","display_name":"Julian Thom\u00e9","orcid":"https://orcid.org/0000-0003-4645-3489"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":true,"raw_author_name":"Julian Thom\u00e9","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029828965","display_name":"Lwin Khin Shar","orcid":"https://orcid.org/0000-0001-5130-0407"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Lwin Khin Shar","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038017715","display_name":"Domenico Bianculli","orcid":"https://orcid.org/0000-0002-4854-685X"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Domenico Bianculli","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078533117","display_name":"Lionel Briand","orcid":"https://orcid.org/0000-0002-1393-1010"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Lionel C. Briand","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5073647793"],"corresponding_institution_ids":["https://openalex.org/I186903577"],"apc_list":null,"apc_paid":null,"fwci":1.5176,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.87251031,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1004","last_page":"1008"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.8195964097976685},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7774803638458252},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.7290475368499756},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6450314521789551},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.57649165391922},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5632615685462952},{"id":"https://openalex.org/keywords/full-disclosure","display_name":"Full disclosure","score":0.47055768966674805},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.46169814467430115},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4536811411380768},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.4481389820575714},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4379265606403351},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2776080071926117},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.21357235312461853},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2123108208179474},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.16609257459640503},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.11556950211524963},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10397019982337952},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.07081449031829834},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.0687384307384491}],"concepts":[{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.8195964097976685},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7774803638458252},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.7290475368499756},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6450314521789551},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.57649165391922},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5632615685462952},{"id":"https://openalex.org/C107101626","wikidata":"https://www.wikidata.org/wiki/Q842234","display_name":"Full disclosure","level":2,"score":0.47055768966674805},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.46169814467430115},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4536811411380768},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.4481389820575714},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4379265606403351},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2776080071926117},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.21357235312461853},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2123108208179474},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.16609257459640503},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.11556950211524963},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10397019982337952},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.07081449031829834},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0687384307384491},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3106237.3122822","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3122822","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-5779","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/4776","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3106237.3122822","raw_type":"Conference Proceeding Article"},{"id":"pmh:oai:orbilu.uni.lu:10993/31717","is_oa":true,"landing_page_url":"http://orbilu.uni.lu/handle/10993/31717","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (2017-09); ESEC/FSE 2017: 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, Paderborn, Germany [DE], from 04-09-2017 to 08-09-2017","raw_type":"peer reviewed"}],"best_oa_location":{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-5779","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/4776","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3106237.3122822","raw_type":"Conference Proceeding Article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6200000047683716}],"awards":[{"id":"https://openalex.org/G1372063688","display_name":null,"funder_award_id":"INTER/DFG/14/11092585","funder_id":"https://openalex.org/F4320321038","funder_display_name":"Fonds National de la Recherche Luxembourg"},{"id":"https://openalex.org/G6125804149","display_name":null,"funder_award_id":"FNR/P10/03","funder_id":"https://openalex.org/F4320321038","funder_display_name":"Fonds National de la Recherche Luxembourg"},{"id":"https://openalex.org/G6569898932","display_name":null,"funder_award_id":"FNR9132112, INTER/DFG/14/11092585, FNR/P10/03","funder_id":"https://openalex.org/F4320321038","funder_display_name":"Fonds National de la Recherche Luxembourg"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321038","display_name":"Fonds National de la Recherche Luxembourg","ror":"https://ror.org/039z13y21"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W28374546","https://openalex.org/W1008898928","https://openalex.org/W1505465226","https://openalex.org/W1524838762","https://openalex.org/W1614825945","https://openalex.org/W1899538528","https://openalex.org/W1929541515","https://openalex.org/W1952344271","https://openalex.org/W1986216741","https://openalex.org/W1986453394","https://openalex.org/W1989657183","https://openalex.org/W1992114977","https://openalex.org/W2006860739","https://openalex.org/W2065555413","https://openalex.org/W2067726273","https://openalex.org/W2070791239","https://openalex.org/W2080696000","https://openalex.org/W2085708896","https://openalex.org/W2085925880","https://openalex.org/W2087527532","https://openalex.org/W2092483417","https://openalex.org/W2098007390","https://openalex.org/W2105742204","https://openalex.org/W2107147876","https://openalex.org/W2114502851","https://openalex.org/W2125357166","https://openalex.org/W2129362719","https://openalex.org/W2140495200","https://openalex.org/W2144611797","https://openalex.org/W2144696387","https://openalex.org/W2147088720","https://openalex.org/W2166381878","https://openalex.org/W2208116078","https://openalex.org/W2320107880","https://openalex.org/W2468358417","https://openalex.org/W2469491375","https://openalex.org/W2577844960","https://openalex.org/W2592097190","https://openalex.org/W2612724187","https://openalex.org/W2743202791","https://openalex.org/W2743349378","https://openalex.org/W4253692155"],"related_works":["https://openalex.org/W1978034799","https://openalex.org/W4384518368","https://openalex.org/W2141388993","https://openalex.org/W2155353733","https://openalex.org/W2504659933","https://openalex.org/W2039943835","https://openalex.org/W2293245356","https://openalex.org/W2560421591","https://openalex.org/W1566131087","https://openalex.org/W2150933192"],"abstract_inverted_index":{"JoanAudit":[0,54],"is":[1,55,135],"a":[2,51],"static":[3],"analysis":[4],"tool":[5],"to":[6,42,65,119],"assist":[7],"security":[8,36,44,115],"auditors":[9,45,116],"in":[10,50,85,95],"auditing":[11,128],"Web":[12,15],"applications":[13],"and":[14,37,62,68],"services":[16],"for":[17,35,127],"common":[18,129],"injection":[19,66,130],"vulnerabilities":[20,67,84],"during":[21],"software":[22],"development.":[23],"It":[24,76],"automatically":[25,79],"identifies":[26],"parts":[27],"of":[28,83,100,123],"the":[29,47,124],"program":[30],"code":[31,49,87,126],"that":[32,72,111],"are":[33,92,117],"relevant":[34,64],"generates":[38],"an":[39],"HTML":[40],"report":[41],"guide":[43],"audit":[46],"source":[48,86],"scalable":[52],"way.":[53],"configured":[56],"with":[57],"various":[58],"security-sensitive":[59],"input":[60],"sources":[61],"sinks":[63,96],"standard":[69,105],"sanitization":[70,101,106],"procedures":[71],"prevent":[73],"these":[74],"vulnerabilities.":[75,131],"can":[77],"also":[78],"fix":[80],"some":[81],"cases":[82,89],"\u2014":[88,102],"where":[90],"inputs":[91],"directly":[93],"used":[94],"without":[97],"any":[98],"form":[99],"by":[103,112],"using":[104,113],"procedures.":[107],"Our":[108],"evaluation":[109],"shows":[110],"JoanAudit,":[114],"required":[118],"inspect":[120],"only":[121],"1%":[122],"total":[125],"The":[132],"screen-cast":[133],"demo":[134],"available":[136],"at":[137],"https://github.com/julianthome/joanaudit.":[138]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1}],"updated_date":"2026-04-20T07:46:08.049788","created_date":"2025-10-10T00:00:00"}