{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2018:BONDTANKXVK3PWCBKQWE3ZYWZG","short_pith_number":"pith:BONDTANK","schema_version":"1.0","canonical_sha256":"0b9a3981aabd55b7d841542c4de716c9883dd30b3b6a1ca3861eb4e67b23fd92","source":{"kind":"arxiv","id":"1804.00754","version":1},"attestation_state":"computed","paper":{"title":"Automatic Web Security Unit Testing: XSS Vulnerability Detection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Bill Chu, Emerson Murphy-Hill, Heather Richter Lipford, Mahmoud Mohammadi","submitted_at":"2018-04-02T22:56:33Z","abstract_excerpt":"Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1804.00754","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-04-02T22:56:33Z","cross_cats_sorted":[],"title_canon_sha256":"ffb10315be15f99a0ed9211eca8ef25c696751220d3118e7fd90c4644e997d7b","abstract_canon_sha256":"4a9cb6e236e14abd6f1f9de0e5162b572d66ff2ec36e7d153b1e02146d193cb9"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:19:32.280060Z","signature_b64":"r5M0sQMmcut+NZTgVbM33D0LRSKRV7GP7zxMmWumd5rhCkbI17QxGv0CT6PXP3xZs5BPAiqYq/etNILcy9lICQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"0b9a3981aabd55b7d841542c4de716c9883dd30b3b6a1ca3861eb4e67b23fd92","last_reissued_at":"2026-05-18T00:19:32.279569Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:19:32.279569Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Automatic Web Security Unit Testing: XSS Vulnerability Detection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Bill Chu, Emerson Murphy-Hill, Heather Richter Lipford, Mahmoud Mohammadi","submitted_at":"2018-04-02T22:56:33Z","abstract_excerpt":"Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1804.00754","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1804.00754","created_at":"2026-05-18T00:19:32.279649+00:00"},{"alias_kind":"arxiv_version","alias_value":"1804.00754v1","created_at":"2026-05-18T00:19:32.279649+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1804.00754","created_at":"2026-05-18T00:19:32.279649+00:00"},{"alias_kind":"pith_short_12","alias_value":"BONDTANKXVK3","created_at":"2026-05-18T12:32:16.446611+00:00"},{"alias_kind":"pith_short_16","alias_value":"BONDTANKXVK3PWCB","created_at":"2026-05-18T12:32:16.446611+00:00"},{"alias_kind":"pith_short_8","alias_value":"BONDTANK","created_at":"2026-05-18T12:32:16.446611+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG","json":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG.json","graph_json":"https://pith.science/api/pith-number/BONDTANKXVK3PWCBKQWE3ZYWZG/graph.json","events_json":"https://pith.science/api/pith-number/BONDTANKXVK3PWCBKQWE3ZYWZG/events.json","paper":"https://pith.science/paper/BONDTANK"},"agent_actions":{"view_html":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG","download_json":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG.json","view_paper":"https://pith.science/paper/BONDTANK","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1804.00754&json=true","fetch_graph":"https://pith.science/api/pith-number/BONDTANKXVK3PWCBKQWE3ZYWZG/graph.json","fetch_events":"https://pith.science/api/pith-number/BONDTANKXVK3PWCBKQWE3ZYWZG/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG/action/timestamp_anchor","attest_storage":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG/action/storage_attestation","attest_author":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG/action/author_attestation","sign_citation":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG/action/citation_signature","submit_replication":"https://pith.science/pith/BONDTANKXVK3PWCBKQWE3ZYWZG/action/replication_record"}},"created_at":"2026-05-18T00:19:32.279649+00:00","updated_at":"2026-05-18T00:19:32.279649+00:00"}