This paper presents a language in which information flow is securely controlled by a type system, yet the security class of data can vary dynamically. Information flow policies ...
Whitebox fuzzing is a novel form of security testing based on dynamic symbolic execution and constraint solving. Over the last couple of years, whitebox fuzzers have found many ne...
Web applications are ubiquitous, perform missioncritical tasks, and handle sensitive user data. Unfortunately, web applications are often implemented by developers with limited se...
Davide Balzarotti, Marco Cova, Viktoria Felmetsger...
Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser....
Philipp Vogt, Florian Nentwich, Nenad Jovanovic, E...
Server-side programming is one of the key technologies that support today's WWW environment. It makes it possible to generate Web pages dynamically according to a user's...