{"id":"https://openalex.org/W2922467742","doi":"https://doi.org/10.3233/jcs-181262","title":"A formal and automated approach to\u00a0exploiting multi-stage attacks of\u00a0web\u00a0applications","display_name":"A formal and automated approach to\u00a0exploiting multi-stage attacks of\u00a0web\u00a0applications","publication_year":2020,"publication_date":"2020-06-09","ids":{"openalex":"https://openalex.org/W2922467742","doi":"https://doi.org/10.3233/jcs-181262","mag":"2922467742"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-181262","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-181262","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013820347","display_name":"Federico De Meo","orcid":"https://orcid.org/0000-0002-6520-1992"},"institutions":[{"id":"https://openalex.org/I119439378","display_name":"University of Verona","ror":"https://ror.org/039bp8j42","country_code":"IT","type":"education","lineage":["https://openalex.org/I119439378"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Federico De Meo","raw_affiliation_strings":["Dipartimento di Informatica, Universit\u00e0 di Verona, Italy. E-mail:\u00a0","Dipartimento di Informatica, Universit\u00e0 di Verona, Italy. E-mail:\u00a0research@demeo.eu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dipartimento di Informatica, Universit\u00e0 di Verona, Italy. E-mail:\u00a0","institution_ids":["https://openalex.org/I119439378"]},{"raw_affiliation_string":"Dipartimento di Informatica, Universit\u00e0 di Verona, Italy. E-mail:\u00a0research@demeo.eu","institution_ids":["https://openalex.org/I119439378"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101515402","display_name":"Luca Vigan\u00f2","orcid":"https://orcid.org/0000-0001-9916-271X"},"institutions":[{"id":"https://openalex.org/I164213776","display_name":"King's College - North Carolina","ror":"https://ror.org/022f44628","country_code":"US","type":"education","lineage":["https://openalex.org/I164213776"]},{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]},{"id":"https://openalex.org/I4210119896","display_name":"King's College School","ror":"https://ror.org/02bbqcn27","country_code":"GB","type":"education","lineage":["https://openalex.org/I4210119896"]}],"countries":["GB","US"],"is_corresponding":true,"raw_author_name":"Luca Vigan\u00f2","raw_affiliation_strings":["Department of Informatics, King\u2019s College London, United Kingdom. E-mail:\u00a0","Department of Informatics, King\u2019s College London, United Kingdom. E-mail:\u00a0luca.vigano@kcl.ac.uk"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Informatics, King\u2019s College London, United Kingdom. E-mail:\u00a0","institution_ids":["https://openalex.org/I183935753","https://openalex.org/I4210119896","https://openalex.org/I164213776"]},{"raw_affiliation_string":"Department of Informatics, King\u2019s College London, United Kingdom. E-mail:\u00a0luca.vigano@kcl.ac.uk","institution_ids":["https://openalex.org/I183935753"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5101515402"],"corresponding_institution_ids":["https://openalex.org/I164213776","https://openalex.org/I183935753","https://openalex.org/I4210119896"],"apc_list":null,"apc_paid":null,"fwci":0.2784,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.61895262,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"28","issue":"5","first_page":"525","last_page":"576"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9104983806610107},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8584654927253723},{"id":"https://openalex.org/keywords/formal-description","display_name":"Formal description","score":0.4964619278907776},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.491041898727417},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4855203628540039},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3128909766674042},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.21385055780410767},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.16200953722000122}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9104983806610107},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8584654927253723},{"id":"https://openalex.org/C2985583900","wikidata":"https://www.wikidata.org/wiki/Q722617","display_name":"Formal description","level":2,"score":0.4964619278907776},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.491041898727417},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4855203628540039},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3128909766674042},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.21385055780410767},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.16200953722000122},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-181262","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-181262","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5899999737739563,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W23242426","https://openalex.org/W174930406","https://openalex.org/W1489243061","https://openalex.org/W1538882499","https://openalex.org/W1782799247","https://openalex.org/W1795549172","https://openalex.org/W1895387792","https://openalex.org/W1976371754","https://openalex.org/W1976745427","https://openalex.org/W1996788431","https://openalex.org/W2020831675","https://openalex.org/W2029693536","https://openalex.org/W2081830543","https://openalex.org/W2119296494","https://openalex.org/W2134245564","https://openalex.org/W2144028411","https://openalex.org/W2156835762","https://openalex.org/W2162325770","https://openalex.org/W2204102791","https://openalex.org/W2483259815","https://openalex.org/W2520001224","https://openalex.org/W2621549133","https://openalex.org/W2628270564","https://openalex.org/W2732351623","https://openalex.org/W2752602409"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W3048799479","https://openalex.org/W2779961139","https://openalex.org/W3006507989","https://openalex.org/W4240241597","https://openalex.org/W2763500028","https://openalex.org/W4240288358"],"abstract_inverted_index":{"We":[0,30],"propose":[1],"a":[2],"formal":[3],"and":[4,18,41,58],"automated":[5],"approach":[6,40],"that":[7,37],"allows":[8],"one":[9],"to":[10,49,56],"(i)":[11],"reason":[12],"about":[13],"vulnerabilities":[14,22],"of":[15,26],"web":[16],"applications":[17],"(ii)":[19],"combine":[20],"multiple":[21],"for":[23],"the":[24],"identification":[25],"complex,":[27],"multi-stage":[28],"attacks.":[29,62],"have":[31],"developed":[32],"WAFEx,":[33],"an":[34],"automatic":[35],"tool":[36],"implements":[38],"our":[39],"we":[42],"show":[43],"its":[44],"efficiency":[45],"by":[46],"applying":[47],"it":[48],"real-world":[50],"case":[51],"studies.":[52],"WAFEx":[53],"was":[54],"able":[55],"generate,":[57],"exploit,":[59],"previously":[60],"unknown":[61]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}