Herbert Wiklicky

Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.

TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

Language-based information-flow security

All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)

Automatic creation of SQL Injection and cross-site scripting attacks

TaintDroid

Probabilistic Confinement in a Declarative Framework