Context: Web applications are trusted by billions of users for performing day-to-day activities.
Accessibility, availability and omnipresence of web applications have made them a prime …

Web applications are one of the most prevalent platforms for information and service
delivery over the Internet today. As they are increasingly used for critical services, web …

Analyzing web applications requires reasoning about strings and non-strings cohesively.
Existing string solvers either ignore non-string program behavior or support limited set of …

Web applications are a frequent target of successful attacks. In most web frameworks, the
damage is amplified by the fact that application code is responsible for security enforcement …

JavaScript-based malware attacks have increased in recent years and currently represent a
signicant threat to the use of desktop computers, smartphones, and tablets. While static and …

Motivated by the vulnerability analysis of web programs which work on string inputs, we
present S3, a new symbolic string solver. Our solver employs a new algorithm for a …

SQL injection attacks have been predominant on web databases since the last 15 years.
Exploiting input validation flaws, attackers inject SQL code through the front-end of websites …

Most existing surveys and reviews on web application vulnerability detection (WAVD)
approaches focus on comparing and summarizing the approaches' technical details …

Due to their high practical impact, Cross-Site Scripting (XSS) attacks have attracted a lot of
attention from the security community members. In the same way, a plethora of more or less …

Modern multi-tier web applications are composed of several dynamic features, which make
their vulnerability analysis challenging from a purely static analysis perspective. We …