  1/2014 - 15

 HIGHLY CITED PAPER 

WAPTT - Web Application Penetration Testing Tool

DURIC, Z.
 

Author keywords
databases, security, vulnerabilities, web sites, web applications


About this article
Date of Publication: 2014-02-28
Volume 14, Issue 1, Year 2014, On page(s): 93 - 102
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2014.01015
Web of Science Accession Number: 000332062300015
SCOPUS ID: 84894630963

Abstract
Web application vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of reported web application vulnerabilities has been increasing dramatically over the last decade. Most of these vulnerabilities result from improper input validation and sanitization. The most important of them are SQL injection (SQLI), Cross-Site Scripting (XSS) and Buffer Overflow (BOF). To address these vulnerabilities, we designed and developed WAPTT (Web Application Penetration Testing Tool). Unlike other web application penetration testing tools, this tool is modular and can be easily extended by the end user. To improve the efficiency of SQLI vulnerability detection, WAPTT uses an efficient algorithm for page similarity detection. The proposed tool showed promising results compared to six well-known web application scanners in detecting various web application vulnerabilities.



Copyright ©2001-2024
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania


All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.
