Deductive software verification - the KeY book
• There are IDEs for KeY, including an Eclipse extension, that make it easy to keep track of
proof obligations in larger projects [Hentschel et al., 2014c]. • A stripped down version of …
Exploring and enforcing security guarantees via program dependence graphs
We present PIDGIN, a program analysis and understanding tool that enables the
specification and enforcement of precise application-specific information security …
A temporal logic approach to information-flow control
MN Rabe - 2016 - publikationen.sulb.uni-saarland.de
Information leaks and other violations of information security pose a severe threat to
individuals, companies, and even countries. The mechanisms by which attackers threaten …
Information flow analysis for JavaScript
Modern Web 2.0 pages combine scripts from several sources into a single client-side
JavaScript program with almost no isolation. In order to prevent attacks from an untrusted …
An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
Malicious users can attack Web applications by exploiting injection vulnerabilities in the
source code. This work addresses the challenge of detecting injection vulnerabilities in the …
Security slicing for auditing common injection vulnerabilities
Cross-site scripting and injection vulnerabilities are among the most common and serious
security issues for Web applications. Although existing static analysis approaches can detect …
Experiences with PDG-based IFC
C Hammer - Engineering Secure Software and Systems: Second …, 2010 - Springer
Abstract Information flow control systems provide the guarantees that are required in today's
security-relevant systems. While the literature has produced a wealth of techniques to …
Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
XML, XPath, and SQL injection vulnerabilities are among the most common and serious
security issues for Web applications and Web services. Thus, it is important for security …
[BOOK][B] A machine-checked, type-safe model of Java concurrency: language, virtual machine, memory model, and verified compiler
A Lochbihler - 2014 - books.google.com
The Java programming language provides safety and security guarantees such as type
safety and its security architecture. They distinguish it from other mainstream programming …
JoanAudit: A tool for auditing common injection vulnerabilities
JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and
Web services for common injection vulnerabilities during software development. It …