[12] Huang, Y.-W., Yu, F., Hang, C., Tsai, C.-H., Lee, D.-T., and Kuo, S.-Y. Securing Web
Application Code by Static Analysis and Runtime Protection. In International Conference on World
Wide Web (WWW ’04) (2004), ACM, pp. 40–52.
[13] Jovanovic, N., Kruegel, C., and Kirda, E. Pixy: A Static Analysis Tool for Detecting Web
Application Vulnerabilities. In Symposium on Security and Privacy (S&P’06) (2006), IEEE, pp. 263–268.
[14] Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S.,
Prescher, T., Schwarz, M., and Yarom, Y. Spectre attacks: Exploiting speculative execution.
CoRR abs/1801.01203 (2018).
[15] Lam, M. S., Martin, M., Livshits, B., and Whaley, J. Securing web applications with static
and dynamic information flow tracking. In Proceedings of the 2008 ACM SIGPLAN symposium on
Partial evaluation and semantics-based program manipulation (2008), ACM, pp. 3–12.
[16] Lipp, M., Gruss, D., Schwarz, M., Bidner, D., Maurice, C., and Mangard, S. Practical
keystroke timing attacks in sandboxed javascript. In Computer Security – ESORICS 2017 (Cham,
2017), S. N. Foley, D. Gollmann, and E. Snekkenes, Eds., Springer International Publishing, pp. 191–209.
[17] Livshits, B. Dynamic taint tracking in managed runtimes. Tech. rep., 2012.
[18] Livshits, B., and Erlingsson, Ú. Using Web Application Construction Frameworks to Protect
Against Code Injection Attacks. In Workshop on Programming Languages and Analysis for Security
(PLAS ’07) (2007), ACM, pp. 95–104.
[19] Livshits, V. B., and Lam, M. S. Finding Security Vulnerabilities in Java Applications with Static
Analysis. In USENIX Security Symposium ’13, vol. 2013.
[20] Luo, Z., Rezk, T., and Serrano, M. Automated Code Injection Prevention for Web Applications.
In Workshop on Theory of Security and Applications (2011), Springer, pp. 186–204.
[21] Parameshwaran, I., Budianto, E., Shinde, S., Dang, H., Sadhu, A., and Saxena, P. Dexterjs:
Robust testing platform for dom-based xss vulnerabilities. In Proceedings of the 2015 10th Joint
Meeting on Foundations of Software Engineering (New York, NY, USA, 2015), ESEC/FSE 2015,
ACM, pp. 946–949.
[22] Prokhorenko, V., Choo, K.-K. R., and Ashman, H. Web application protection techniques: A
taxonomy. Journal of Network and Computer Applications 60, Supplement C (2016), 95–112.
[23] Robertson, W. K., and Vigna, G. Static enforcement of web application integrity through strong
typing. In USENIX Security Symposium ’09 (2009), pp. 283–298.
[24] Samuel, M., Saxena, P., and Song, D. Context-sensitive auto-sanitization in web templating
languages using type qualifiers. In Proceedings of the 18th ACM Conference on Computer and
Communications Security (New York, NY, USA, 2011), CCS ’11, ACM, pp. 587–600.