CONTEXT: The Web has had a significant impact on all aspects of our society. As our
society relies more and more on the Web, the dependability of web applications has become …

Since its inception of just over two decades ago, the World Wide Web has become a truly
ubiquitous and transformative force in our life, with millions of Web applications serving …

As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly
complex. However, few automated vulnerability analysis tools for JavaScript exist. In this …

We present a technique for finding security vulnerabilities in Web applications. SQL Injection
(SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the …

Synode: Understanding and Automatically Preventing Injection Attacks on Node.js Page 1
Synode: Understanding and Automatically Preventing Injection Attacks on Node.js Cristian-Alexandru …

JavaScript-based malware attacks have increased in recent years and currently represent a
signicant threat to the use of desktop computers, smartphones, and tablets. While static and …

Symbolic execution is a well-known program analysis technique which represents program
inputs with symbolic values instead of concrete, initialized, data and executes the program …

Many automatic testing, analysis, and verification techniques for programs can be effectively
reduced to a constraint generation phase followed by a constraint-solving phase. This …

Web applications often use special string-manipulating sanitizers on untrusted user data, but
it is difficult to reason manually about the behavior of these functions, leading to errors. For …

Web script crashes and malformed dynamically generated webpages are common errors,
and they seriously impact the usability of Web applications. Current tools for webpage …