{"id":"https://openalex.org/W2967262539","doi":"https://doi.org/10.1145/3338906.3341178","title":"JCOMIX: a search-based tool to detect XML injection vulnerabilities in web applications","display_name":"JCOMIX: a search-based tool to detect XML injection vulnerabilities in web applications","publication_year":2019,"publication_date":"2019-08-09","ids":{"openalex":"https://openalex.org/W2967262539","doi":"https://doi.org/10.1145/3338906.3341178","mag":"2967262539"},"language":"en","primary_location":{"id":"doi:10.1145/3338906.3341178","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338906.3341178","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028002784","display_name":"Dimitri Stallenberg","orcid":"https://orcid.org/0009-0003-7843-2372"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Dimitri Michel Stallenberg","raw_affiliation_strings":["Delft University of Technology, Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067127346","display_name":"Annibale Panichella","orcid":"https://orcid.org/0000-0002-7395-3588"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Annibale Panichella","raw_affiliation_strings":["Delft University of Technology, Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5028002784"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":2.109,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.90254711,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1090","last_page":"1094"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8522061109542847},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8103076219558716},{"id":"https://openalex.org/keywords/xml","display_name":"XML","score":0.6472902297973633},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.5542464256286621},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.5133992433547974},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.42114537954330444},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.40431496500968933},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4004521369934082},{"id":"https://openalex.org/keywords/search-engine","display_name":"Search engine","score":0.375480592250824},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3472856879234314},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.28595247864723206},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.19949769973754883},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.18255215883255005},{"id":"https://openalex.org/keywords/web-search-query","display_name":"Web search query","score":0.13401293754577637},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.09045711159706116}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8522061109542847},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8103076219558716},{"id":"https://openalex.org/C8797682","wikidata":"https://www.wikidata.org/wiki/Q2115","display_name":"XML","level":2,"score":0.6472902297973633},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.5542464256286621},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.5133992433547974},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.42114537954330444},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.40431496500968933},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4004521369934082},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.375480592250824},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3472856879234314},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.28595247864723206},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.19949769973754883},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.18255215883255005},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.13401293754577637},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.09045711159706116},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3338906.3341178","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338906.3341178","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:tudelft.nl:uuid:70acc8f1-6e5d-4fcf-acbd-c6bacec61b06","is_oa":false,"landing_page_url":"http://resolver.tudelft.nl/uuid:70acc8f1-6e5d-4fcf-acbd-c6bacec61b06","pdf_url":null,"source":{"id":"https://openalex.org/S4306400906","display_name":"Research Repository (Delft University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98358874","host_organization_name":"Delft University of Technology","host_organization_lineage":["https://openalex.org/I98358874"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"conference paper"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.4699999988079071}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W562733722","https://openalex.org/W1537258151","https://openalex.org/W1599808047","https://openalex.org/W2061234822","https://openalex.org/W2086037832","https://openalex.org/W2144611797","https://openalex.org/W2468358417","https://openalex.org/W2586946380","https://openalex.org/W2614667882","https://openalex.org/W2772008372","https://openalex.org/W2914775513","https://openalex.org/W2921813635","https://openalex.org/W2937506036","https://openalex.org/W2955465689","https://openalex.org/W3098913714","https://openalex.org/W4236250034"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4248424560","https://openalex.org/W4206111141","https://openalex.org/W2515553645","https://openalex.org/W4391039293","https://openalex.org/W2547155723"],"abstract_inverted_index":{"Input":[0],"sanitization":[1,32],"and":[2,33,85],"validation":[3,34],"of":[4,21,30,104,111],"user":[5],"inputs":[6],"are":[7],"well-established":[8],"protection":[9,23],"mechanisms":[10,24],"for":[11,94],"microservice":[12],"architectures":[13],"against":[14],"XML":[15,66],"injection":[16],"attacks":[17,62],"(XMLi).":[18],"The":[19],"effectiveness":[20,110],"the":[22,28,31,86,95,102,109],"strongly":[25],"depends":[26],"on":[27],"quality":[29],"rule":[35],"sets":[36],"(e.g.,":[37],"regular":[38],"expressions)":[39],"and,":[40],"therefore,":[41],"security":[42],"analysts":[43],"have":[44],"to":[45],"test":[46],"them":[47],"thoroughly.":[48],"In":[49],"this":[50],"demo,":[51],"we":[52],"introduce":[53],"JCOMIX,":[54],"a":[55],"penetration":[56],"testing":[57,97,114],"tool":[58],"that":[59],"generates":[60],"XMLi":[61,96],"(test":[63],"cases)":[64],"exposing":[65],"vulnerabilities":[67],"in":[68,113],"front-end":[69,117],"web":[70,118],"applications.":[71],"JCOMIX":[72,112],"implements":[73],"various":[74],"search":[75,79],"algorithms,":[76],"including":[77],"random":[78],"(traditional":[80],"fuzzing),":[81],"genetic":[82],"algorithms":[83],"(GAs),":[84],"more":[87],"recent":[88],"co-operative,":[89],"co-evolutionary":[90],"algorithm":[91],"designed":[92],"explicitly":[93],"(COMIX).":[98],"We":[99],"also":[100],"show":[101],"results":[103],"an":[105,115],"empirical":[106],"study":[107],"showing":[108],"open-source":[116],"application.":[119]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":6}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}