{"id":"https://openalex.org/W4417082050","doi":"https://doi.org/10.48550/arxiv.2509.14706","title":"Security Analysis of Web Applications Based on Gruyere","display_name":"Security Analysis of Web Applications Based on Gruyere","publication_year":2025,"publication_date":"2025-09-18","ids":{"openalex":"https://openalex.org/W4417082050","doi":"https://doi.org/10.48550/arxiv.2509.14706"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2509.14706","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.14706","pdf_url":"https://arxiv.org/pdf/2509.14706","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2509.14706","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038315504","display_name":"Yuxin Ni","orcid":"https://orcid.org/0000-0003-0580-6946"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ni, Yonghao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048564494","display_name":"Z. Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Zhongwen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5100634701","display_name":"Xiaoqi Li","orcid":"https://orcid.org/0000-0002-4597-4226"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Xiaoqi","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5038315504"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.8216999769210815,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.8216999769210815,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.03959999978542328,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.039000000804662704,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.777999997138977},{"id":"https://openalex.org/keywords/web-engineering","display_name":"Web engineering","score":0.6341999769210815},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.5807999968528748},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.43639999628067017},{"id":"https://openalex.org/keywords/web-modeling","display_name":"Web modeling","score":0.41760000586509705},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4147000014781952},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4104999899864197},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.39239999651908875},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.37689998745918274}],"concepts":[{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.777999997138977},{"id":"https://openalex.org/C97200028","wikidata":"https://www.wikidata.org/wiki/Q1196135","display_name":"Web engineering","level":5,"score":0.6341999769210815},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6136000156402588},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5995000004768372},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.5807999968528748},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.43639999628067017},{"id":"https://openalex.org/C130436687","wikidata":"https://www.wikidata.org/wiki/Q7978591","display_name":"Web modeling","level":3,"score":0.41760000586509705},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4147000014781952},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4104999899864197},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.39239999651908875},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.37689998745918274},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3707999885082245},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.37070000171661377},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.36980000138282776},{"id":"https://openalex.org/C182321512","wikidata":"https://www.wikidata.org/wiki/Q1153289","display_name":"Web standards","level":3,"score":0.36469998955726624},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.3643999993801117},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.3637000024318695},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3628000020980835},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3582000136375427},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.33559998869895935},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.321399986743927},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3149000108242035},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.30250000953674316},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.29750001430511475},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.29510000348091125},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.28630000352859497},{"id":"https://openalex.org/C544335954","wikidata":"https://www.wikidata.org/wiki/Q2553348","display_name":"Web intelligence","level":4,"score":0.2775000035762787},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2603999972343445}],"mesh":[],"locations_count":3,"locations":[{"id":"pmh:oai:arXiv.org:2509.14706","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.14706","pdf_url":"https://arxiv.org/pdf/2509.14706","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:doi:10.48550/arxiv.2509.14706","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2509.14706","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2509.14706","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2509.14706","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.14706","pdf_url":"https://arxiv.org/pdf/2509.14706","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,37,69,80,85,105,180],"rapid":[2],"development":[3],"of":[4,40,73,90,161,182],"Internet":[5],"technologies,":[6],"web":[7,30,59,92,170],"systems":[8],"have":[9,27],"become":[10],"essential":[11],"infrastructures":[12],"for":[13,63,114,124,156,190],"modern":[14,162],"information":[15],"exchange":[16],"and":[17,52,55,67,71,88,94,131,193],"business":[18,53],"operations.":[19],"However,":[20],"alongside":[21],"their":[22,96,150],"expansion,":[23],"numerous":[24],"security":[25,31,60,163,172,194],"vulnerabilities":[26,135,146],"emerged,":[28],"making":[29],"a":[32,158],"critical":[33],"research":[34,57,167],"focus":[35],"within":[36],"broader":[38],"field":[39],"cybersecurity.":[41],"These":[42],"issues":[43],"are":[44,147],"closely":[45],"related":[46],"to":[47],"data":[48],"protection,":[49],"privacy":[50],"preservation,":[51],"continuity,":[54],"systematic":[56],"on":[58,175],"is":[61,108],"crucial":[62],"mitigating":[64],"malicious":[65],"attacks":[66],"enhancing":[68],"reliability":[70],"robustness":[72],"network":[74],"systems.":[75],"This":[76],"paper":[77],"first":[78],"reviews":[79],"OWASP":[81],"Top":[82],"10,":[83],"summarizing":[84],"types,":[86],"causes,":[87],"impacts":[89],"common":[91],"vulnerabilities,":[93,126],"illustrates":[95],"exploitation":[97],"mechanisms":[98,184],"through":[99],"representative":[100],"cases.":[101,139],"Building":[102],"upon":[103],"this,":[104],"Gruyere":[106,176],"platform":[107],"adopted":[109],"as":[110],"an":[111],"experimental":[112],"subject":[113],"analyzing":[115],"known":[116],"vulnerabilities.":[117],"The":[118,140],"study":[119],"presents":[120],"detailed":[121],"reproduction":[122],"steps":[123],"specific":[125],"proposes":[127],"comprehensive":[128],"remediation":[129],"strategies,":[130],"further":[132],"compares":[133],"Gruyere's":[134,145],"with":[136],"contemporary":[137],"real-world":[138],"findings":[141],"suggest":[142],"that,":[143],"although":[144],"relatively":[148],"outdated,":[149],"underlying":[151],"principles":[152],"remain":[153],"highly":[154],"relevant":[155],"explaining":[157],"wide":[159],"range":[160],"flaws.":[164],"Overall,":[165],"this":[166],"demonstrates":[168],"that":[169],"system":[171],"analysis":[173],"based":[174],"not":[177],"only":[178],"deepens":[179],"understanding":[181],"vulnerability":[183],"but":[185],"also":[186],"provides":[187],"practical":[188],"support":[189],"technological":[191],"innovation":[192],"defense.":[195]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}