J. Bau, E. Bursztein, D. Gupta, and J. Mitchell, State of the Art: Automated Black-Box Web Application Vulnerability Testing, 2010 IEEE Symposium on Security and Privacy, pp.332-345, 2010.
DOI : 10.1109/SP.2010.27

A. Doupé, M. Cova, and G. Vigna, Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners, DIMVA, pp.111-131, 2010.
DOI : 10.1007/978-3-642-14215-4_7

Foundstone, Hacme Bank v2.0, 2006.

M. Heiderich, J. Schwenk, T. Frosch, J. Magazinius, and E. Z. Yang, mXSS attacks, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.777-788, 2013.
DOI : 10.1145/2508859.2516723

A. Klein, DOM based cross site scripting or XSS of the third kind, 2005.

S. Lekies, B. Stock, and M. Johns, 25 million flows later, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.1193-1204, 2013.
DOI : 10.1145/2508859.2516703

F. Maggi, A. Frossi, S. Zanero, G. Stringhini, B. Stone-Gross et al., Two years of short URLs internet measurement, Proceedings of the 22nd international conference on World Wide Web, WWW '13, pp.861-872, 2013.
DOI : 10.1145/2488388.2488463

P. Mutton, XSS in confined spaces, 2011.

A. Pitsillidis, K. Levchenko, C. Kreibich, C. Kanich, G. M. Voelker et al., Botnet judo: Fighting spam with itself, NDSS, 2010.

M. Samuel, P. Saxena, and D. Song, Context-sensitive auto-sanitization in web templating languages using type qualifiers, Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pp.587-600, 2011.
DOI : 10.1145/2046707.2046775

D. Secureworks, Dell SecureWorks Threat Report for 2012, 2012. URL http://www.secureworks.com/cyber-threat-intelligence, p.2012

L. Suto, Analyzing the accuracy and time costs of web application security scanners, 2010.

B. Toews, XSS shortening cheatsheet, 2012. URL http://labs.neohapsis.com, p.xss-shortening-cheatsheet, 2012.

J. Tudor, Web Application Vulnerability Statistics 2013, 2013.

M. Vieira, N. Antunes, and H. Madeira, Using web security scanners to detect vulnerabilities in web services, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks, pp.566-571, 2009.
DOI : 10.1109/DSN.2009.5270294