David Hauzar & Jan Kofroň (2012):
On Security Analysis of PHP Web Applications.
In: STPSA 2012.
IEEE,
pp. 577–582,
doi:10.1109/COMPSACW.2012.106.
David Hauzar & Jan Kofroň (2014):
Weverca.
http://d3s.mff.cuni.cz/projects/formal_methods/weverca/.
Dongseok Jang & Kwang-Moo Choe (2009):
Points-to analysis for JavaScript.
SAC '09.
ACM,
New York, NY, USA,
pp. 1930–1937,
doi:10.1145/1529282.1529711.
N. Jovanovic, C. Kruegel & E. Kirda (2006):
Pixy: a static analysis tool for detecting Web application vulnerabilities.
In: S&P'06.
IEEE,
doi:10.1109/SP.2006.29.
Etienne Kneuss, Philippe Suter & Viktor Kuncak (2010):
Runtime Instrumentation for Precise Flow-Sensitive Type Analysis.
In: RV,
pp. 300–314,
doi:10.1007/978-3-642-16612-9_23.
Benjamin Livshits & Stephen Chong (2013):
Towards Fully Automatic Placement of Security Sanitizers and Declassifiers.
POPL '13.
ACM,
New York, NY, USA,
pp. 385–398,
doi:10.1145/2429069.2429115.
Flemming Nielson, Hanne R. Nielson & Chris Hankin (1999):
Principles of Program Analysis.
Springer-Verlag New York, Inc.,
Secaucus, NJ, USA,
doi:10.1007/978-3-662-03811-6.
Max Schäfer, Manu Sridharan, Julian Dolby & Frank Tip (2013):
Dynamic Determinacy Analysis.
PLDI '13.
ACM,
New York, NY, USA,
pp. 165–174,
doi:10.1145/2499370.2462168.
Manu Sridharan (2011):
F4F: Taint Analysis of Framework-based Web Applications.
OOPSLA '11.
ACM,
New York, NY, USA,
pp. 1053–1068,
doi:10.1145/2048066.2048145.
Manu Sridharan (2012):
Correlation Tracking for Points-to Analysis of Javascript.
ECOOP'12.
Springer-Verlag,
Berlin, Heidelberg,
pp. 435–458,
doi:10.1007/978-3-642-31057-7_20.
Omer Tripp (2009):
TAJ: Effective Taint Analysis of Web Applications.
PLDI '09.
ACM,
New York, NY, USA,
pp. 87–97,
doi:10.1145/1542476.1542486.
Omer Tripp (2013):
ANDROMEDA: Accurate and Scalable Security Analysis of Web Applications.
FASE'13.
Springer-Verlag,
Berlin, Heidelberg,
pp. 210–225,
doi:10.1007/978-3-642-37057-1_15.
Shiyi Wei & Barbara G. Ryder (2013):
Practical Blended Taint Analysis for JavaScript.
ISSTA 2013.
ACM,
New York, NY, USA,
pp. 336–346,
doi:10.1145/2483760.2483788.
Fang Yu, Muath Alkhalaf & Tevfik Bultan (2010):
Stranger: An automata-based string analysis tool for PHP.
TACAS'10,
doi:10.1007/978-3-642-12002-2_13.