{"id":"https://openalex.org/W7083296160","doi":"https://doi.org/10.18420/abp2025_06","title":"Automated Security Assessment in Educational Environments: A Novel Approach to XSS Vulnerability Detection for Programming Assignments","display_name":"Automated Security Assessment in Educational Environments: A Novel Approach to XSS Vulnerability Detection for Programming Assignments","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W7083296160","doi":"https://doi.org/10.18420/abp2025_06"},"language":"en","primary_location":{"id":"doi:10.18420/abp2025_06","is_oa":true,"landing_page_url":"https://doi.org/10.18420/abp2025_06","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article-journal"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.18420/abp2025_06","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Iffl\u00e4nder, Lukas","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Iffl\u00e4nder, Lukas","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.64012899,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T12471","display_name":"History of Science and Natural History","score":0.05550000071525574,"subfield":{"id":"https://openalex.org/subfields/1207","display_name":"History and Philosophy of Science"},"field":{"id":"https://openalex.org/fields/12","display_name":"Arts and Humanities"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T12471","display_name":"History of Science and Natural History","score":0.05550000071525574,"subfield":{"id":"https://openalex.org/subfields/1207","display_name":"History and Philosophy of Science"},"field":{"id":"https://openalex.org/fields/12","display_name":"Arts and Humanities"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12456","display_name":"Geotourism and Geoheritage Conservation","score":0.03539999946951866,"subfield":{"id":"https://openalex.org/subfields/1907","display_name":"Geology"},"field":{"id":"https://openalex.org/fields/19","display_name":"Earth and Planetary Sciences"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13031","display_name":"Civil and Structural Engineering Research","score":0.026000000536441803,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9605000019073486},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9157999753952026},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.6570000052452087},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5975000262260437},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5037999749183655},{"id":"https://openalex.org/keywords/grading","display_name":"Grading (engineering)","score":0.4702000021934509},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.45179998874664307},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.43799999356269836},{"id":"https://openalex.org/keywords/validator","display_name":"Validator","score":0.4375999867916107},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4368000030517578}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9605000019073486},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9157999753952026},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8134999871253967},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.6570000052452087},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6226000189781189},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5975000262260437},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5037999749183655},{"id":"https://openalex.org/C2777286243","wikidata":"https://www.wikidata.org/wiki/Q5591926","display_name":"Grading (engineering)","level":2,"score":0.4702000021934509},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.45179998874664307},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.43799999356269836},{"id":"https://openalex.org/C35292069","wikidata":"https://www.wikidata.org/wiki/Q1575458","display_name":"Validator","level":2,"score":0.4375999867916107},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4368000030517578},{"id":"https://openalex.org/C176856949","wikidata":"https://www.wikidata.org/wiki/Q2001676","display_name":"Offensive","level":2,"score":0.41769999265670776},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3804999887943268},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.3758000135421753},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.36230000853538513},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.3603000044822693},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.3562999963760376},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3379000127315521},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.3328999876976013},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.3271999955177307},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.31690001487731934},{"id":"https://openalex.org/C59519942","wikidata":"https://www.wikidata.org/wiki/Q650665","display_name":"Drone","level":2,"score":0.3095000088214874},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.28119999170303345},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.27950000762939453},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2766999900341034},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.2711000144481659},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.2651999890804291},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.26339998841285706},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2547000050544739},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2531999945640564}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.18420/abp2025_06","is_oa":true,"landing_page_url":"https://doi.org/10.18420/abp2025_06","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"doi:10.18420/abp2025_06","is_oa":true,"landing_page_url":"https://doi.org/10.18420/abp2025_06","pdf_url":null,"source":{"id":"https://openalex.org/S7407052918","display_name":"Gesellschaft f\u00fcr Informatik (GI)","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article-journal"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"In":[0],"contemporary":[1],"computing":[2],"curricula,":[3],"hands-on":[4],"penetration":[5],"testing":[6],"has":[7,29],"become":[8],"indispensable":[9],"for":[10,49,63],"cybersecurity":[11],"education.":[12],"Students":[13],"can":[14],"only":[15],"effectively":[16],"secure":[17],"systems":[18],"by":[19],"understanding":[20],"how":[21],"to":[22,71],"exploit":[23,74,100],"their":[24],"vulnerabilities.":[25,78],"Although":[26],"prior":[27],"work":[28],"concentrated":[30],"on":[31],"assessing":[32],"the":[33,109,113],"correctness":[34],"and":[35,73,112,130,139],"safety":[36],"of":[37],"student":[38],"code":[39],"submissions,":[40],"there":[41],"exists":[42],"a":[43,58],"significant":[44],"gap":[45],"in":[46,126],"automated":[47,61],"methods":[48],"evaluating":[50],"students'":[51],"offensive":[52],"security":[53,66],"skills.":[54],"This":[55],"paper":[56],"introduces":[57],"lightweight,":[59],"fully":[60],"framework":[62,121],"grading":[64],"web":[65],"assignments":[67],"that":[68,97],"require":[69],"students":[70],"discover":[72],"Cross-Site":[75],"Scripting":[76],"(XSS)":[77],"Building":[79],"upon":[80],"an":[81,94],"exercise":[82],"adapted":[83],"from":[84],"Stanford's":[85],"CS":[86],"253":[87],"Web":[88],"Security":[89],"course,":[90],"our":[91,127],"approach":[92],"uses":[93],"XSS":[95],"validator":[96],"automatically":[98],"verifies":[99],"payloads":[101],"against":[102],"configurable":[103],"target":[104],"applications.":[105],"We":[106],"provide":[107],"both":[108],"validation":[110],"tool":[111],"accompanying":[114],"course":[115],"configuration":[116],"as":[117],"open-source":[118],"artifacts.":[119],"The":[120],"is":[122],"currently":[123],"being":[124],"deployed":[125],"undergraduate":[128],"courses":[129],"we":[131],"present":[132],"initial":[133],"evaluation":[134],"results":[135],"demonstrating":[136],"its":[137],"effectiveness":[138],"scalability.":[140]},"counts_by_year":[],"updated_date":"2025-11-06T06:51:31.235846","created_date":"2025-10-10T00:00:00"}