The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi). Assuming that these tutorials influence real-world software development, we hypothesize that code snippets from popular tutorials can be used to bootstrap vulnera...

With the changing demographics of globalization, the emergence and prevalence of web application have acquired a central and pivotal role in the domains of technology and advancements. It thus becomes imperative to probe deeply into the architecture, significance and different facets of usages. Web applications enclose the functioning between a user and the services provided by the server, whic...

Web applications have been a significant target for successful security breaches in the last few years. They are currently secured, as primary method, by searching their vulnerabilities with specialized tools referred to Application Vulnerability Scanners (WVS’s). Although, these dynamic approaches of testing some advantages, there is still scarcity studies that explore features and detection c...

Security auditing of industry-scale software systems mandates automation. Static taint analysis enables deep and exhaustive tracking of suspicious data flows for detection of potential leakage and integrity violations, such as cross-site scripting (XSS), SQL injection (SQLi) and log forging. Research in this area has taken two directions: program slicing and type systems. Both of these approach...

This report describes a collaboration between researchers at the Technion in Haifa and the University of Southern California’s Information Sciences Institute in Los Angeles. The goal of the collaboration is to jointly construct an email analysis and routing system that will help city governments more rapidly deal with communications from their citizens. This system, or some variant of it, is pl...