Software developers are key players in the security ecosystem as they produce code that
runs on millions of devices. Yet we continue to see insecure code being developed and …

In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks
are performed and focused on the vulnerabilities related to web applications. Hence …

Black-box web application vulnerability scanners attempt to automatically identify
vulnerabilities in web applications without access to the source code. However, they do so …

Modern web applications are an integral part of our digital lives. As we put more trust in web
applications, the need for security increases. At the same time, detecting vulnerabilities in …

PHP applications provide various interfaces for end-users to interact with on the Web. They
thus are prone to taint-style vulnerabilities such as SQL injection and cross-site scripting. For …

Black-box web scanners have been a prevalent means of performing penetration testing to
find reflected cross-site scripting (XSS) vulnerabilities. Unfortunately, off-the-shelf black-box …

Client-side CSRF is a new type of CSRF vulnerability where the adversary can trick the
client-side JavaScript program to send a forged HTTP request to a vulnerable target site by …

Cross-Site Request Forgery (CSRF) vulnerabilities are a severe class of web vulnerabilities
that have received only marginal attention from the research and security testing …

Web crawlers are tools widely used in web security measurements whose performance and
impact have been limitedly studied so far. In this paper, we bridge this gap. Starting from the …

Symbolic execution for dynamic web applications is challenging due to their multilingual
nature. Prior solutions often fall short in limited syntax support and excessive engineering …