{"id":"https://openalex.org/W7134959528","doi":"https://doi.org/10.48550/arxiv.2603.09426","title":"An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications","display_name":"An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications","publication_year":2026,"publication_date":"2026-03-10","ids":{"openalex":"https://openalex.org/W7134959528","doi":"https://doi.org/10.48550/arxiv.2603.09426"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.09426","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.09426","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.09426","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128342449","display_name":"Lorenzo Corrias","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Corrias, Lorenzo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104421737","display_name":"Lorenzo Pisu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pisu, Lorenzo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051452548","display_name":"Davide Maiorca","orcid":"https://orcid.org/0000-0003-2640-4663"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maiorca, Davide","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5075367917","display_name":"Giorgio Giacinto","orcid":"https://orcid.org/0000-0002-5759-3017"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Giacinto, Giorgio","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5128342449"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9406999945640564,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9406999945640564,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.03620000183582306,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.006200000178068876,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6740000247955322},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6707000136375427},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.6654000282287598},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6060000061988831},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5774999856948853},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.5508999824523926},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.5454000234603882},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.5383999943733215},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.5126000046730042},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5034999847412109}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7135000228881836},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6927000284194946},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6740000247955322},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6707000136375427},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.6654000282287598},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6060000061988831},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5774999856948853},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.5508999824523926},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.5454000234603882},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.5383999943733215},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.5126000046730042},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5034999847412109},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.44339999556541443},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4359999895095825},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.435699999332428},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.43540000915527344},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.38519999384880066},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.35690000653266907},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.3506999909877777},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3443000018596649},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.33869999647140503},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.33649998903274536},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.328000009059906},{"id":"https://openalex.org/C106251023","wikidata":"https://www.wikidata.org/wiki/Q851989","display_name":"Porting","level":3,"score":0.32679998874664307},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.3181000053882599},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3102000057697296},{"id":"https://openalex.org/C97200028","wikidata":"https://www.wikidata.org/wiki/Q1196135","display_name":"Web engineering","level":5,"score":0.3043000102043152},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2865000069141388},{"id":"https://openalex.org/C130436687","wikidata":"https://www.wikidata.org/wiki/Q7978591","display_name":"Web modeling","level":3,"score":0.27619999647140503},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.26919999718666077},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.26100000739097595},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.25760000944137573},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.25600001215934753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.09426","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.09426","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.09426","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.09426","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,30],"growth":[1],"in":[2,107,165,208],"the":[3,6,26,37,61,101,120,170,200],"adoption":[4],"of":[5,18,28,32,64,103,119,131,172,188],"WebAssembly":[7,97],"(WASM)":[8],"standard":[9],"has":[10,34],"given":[11],"rise":[12],"to":[13,25,40,88,113,128,138,180,198],"a":[14,47,79,96,104,139,176,186],"rapidly":[15],"increasing":[16],"landscape":[17],"binary":[19,68,134,154],"applications":[20],"that":[21,49,67,90,116,153,161,178,194],"are":[22,117],"natively":[23],"ported":[24],"environment":[27],"websites.":[29],"flexibility":[31],"WASM":[33,83,173,206],"made":[35],"it":[36],"preferred":[38],"way":[39],"run":[41],"fast":[42],"and":[43,74,148,191],"resource-heavy":[44],"applications,":[45,167],"replacing":[46],"field":[48],"JavaScript":[50],"previously":[51],"monopolized.":[52],"Despite":[53],"its":[54],"success,":[55],"researchers":[56],"have":[57],"raised":[58],"concerns":[59],"over":[60],"security":[62,122,141,159,171],"implementations":[63],"WASM,":[65],"demonstrating":[66,168],"vulnerabilities,":[69,92],"such":[70,91,143],"as":[71,144],"Buffer":[72],"Overflows":[73],"Use":[75],"After":[76],"Free,":[77],"remain":[78],"present":[80],"danger":[81],"for":[82],"binaries.":[84],"Our":[85,150],"work":[86],"aims":[87],"demonstrate":[89],"when":[93],"occurring":[94],"on":[95],"module,":[98],"can":[99,156,196],"affect":[100],"behavior":[102],"web":[105,121,140,162,210],"application":[106],"unexpected":[108],"ways,":[109],"enabling":[110],"an":[111],"attacker":[112],"exploit":[114],"vulnerabilities":[115,155],"typical":[118],"landscape.":[123],"We":[124,183],"provide":[125,129,185],"several":[126],"scenarios":[127],"examples":[130],"how":[132,169],"each":[133],"vulnerability":[135],"might":[136],"lead":[137],"vulnerability,":[142],"SQL":[145],"Injections,":[146],"XS-Leaks,":[147],"SSTI.":[149],"results":[151],"show":[152],"invalidate":[157],"common":[158],"mechanisms":[160],"developer":[163],"implement":[164,197],"their":[166,209],"modules":[174,207],"remains":[175],"problem":[177],"needs":[179],"be":[181],"addressed.":[182],"also":[184],"list":[187],"best":[189],"practices":[190],"defensive":[192],"strategies":[193],"developers":[195],"mitigate":[199],"risks":[201],"associated":[202],"with":[203],"running":[204],"unsafe":[205],"applications.":[211]},"counts_by_year":[],"updated_date":"2026-03-12T06:18:43.230356","created_date":"2026-03-12T00:00:00"}