Applications of Formal Methods to Web Application Security

Reference work entry in: Encyclopedia of Cryptography and Security

Recommended Reading

  1. Wassermann G, Su Z (2007) Sound and precise analysis of web applications for injection vulnerabilities. In: PLDI’07: proceedings of the 28th conference on programming language design and implementation, San Diego, CA, USA

  2. Minamide Y (2005) Static approximation of dynamically generated web pages. In: WWW’05: proceedings of the 14th international conference on World Wide Web, Chiba, Japan

  3. Balzarotti D, Cova M, Felmetsger V, Jovanovic N, Kirda E, Kruegel C, Vigna G (2008) Saner: composing static and dynamic analysis to validate sanitization in web applications. In: SP’08: proceedings of the 29th IEEE symposium on security and privacy, Oakland, CA, USA

  4. Jovanovic N, Kruegel C, Kirda E (2006) Pixy: a static analysis tool for detecting web application vulnerabilities. In: SP’06: proceedings of the 27th IEEE symposium on security and privacy, Oakland, CA, USA

  5. Livshits VB, Lam MS (2005) Finding security vulnerabilities in Java applications with static analysis. In: SS’05: proceedings of the 14th USENIX security symposium, Baltimore, MD, USA

  6. Huang Y-W, Yu F, Hang C, Tsai C-H, Lee D-T, Kuo S-Y (2004) Securing web application code by static analysis and runtime protection. In: WWW’04: proceedings of the 13th international conference on World Wide Web, New York, NY, USA

  7. Xie Y, Aiken A (2006) Static detection of security vulnerabilities in scripting languages. In: SS’06: proceedings of the 15th USENIX security symposium, Vancouver, BC, Canada

  8. Christensen AS, Møller A, Schwartzbach MI (2003) Precise analysis of string expressions. In: SAS’03: proceedings of the 10th international conference on static analysis, San Diego, CA, USA

  9. Chong S, Liu J, Myers AC, Qi X, Vikram K, Zheng L, Zheng X (2007) Secure web application via automatic partitioning. SIGOPS Oper Syst Rev 41(6):31–44

  10. Bisht P, Sistla AP, Venkatakrishnan VN (2010) Automatically preparing safe SQL queries. In: FC’10: proceedings of the 14th international conference on financial cryptography and data security, Tenerife, Canary Islands, Spain

  11. Martin M, Lam MS (2008) Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In: SS’08: proceedings of the 17th conference on security symposium, San Jose, CA, USA

  12. Bisht P, Hinrichs T, Skrupsky N, Bobrowicz R, Venkatakrishnan VN (2010) NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications. In: CCS’10: proceedings of the 17th ACM conference on computer and communications security, Chicago, IL, USA

  13. Wassermann G, Yu D, Chander A, Dhurjati D, Inamura H, Su Z (2008) Dynamic test input generation for web applications. In: ISSTA’08: proceedings of the 2008 international symposium on software testing and analysis, Seattle, WA, USA

© 2011 Springer Science+Business Media, LLC

Cite this entry

Venkatakrishnan, V.N. (2011). Applications of Formal Methods to Web Application Security. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_856
