G. Web and . Online, File storage service with REST-like API, 2011.

P. Anderson and M. Zarins, The CodeSurfer Software Understanding Platform, 13th International Workshop on Program Comprehension (IWPC'05), pp.147-148, 2005.
DOI : 10.1109/WPC.2005.37

K. Ashcraft and D. Engler, Using programmer-written compiler extensions to catch security holes, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.143-159, 2002.
DOI : 10.1109/SECPRI.2002.1004368

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Bishop and M. Dilger, Checking for Race Conditions in File Accesses, Computing Systems, vol.9, pp.131-152, 1996.

E. Bodden, P. Lam, and L. Hendren, Clara: a framework for statically evaluating finite-state runtime monitors, 1st International Conference on Runtime Verification (RV). LNCS, pp.74-88, 2010.
DOI : 10.1007/978-3-642-16612-9_15

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

B. Chess, Improving computer security using extended static checking, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.160-173, 2002.
DOI : 10.1109/SECPRI.2002.1004369

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

L. G. Demichiel, Enterprise JavaBeans TM Specification, Version 2.1, Sun Microsystems, 2003.

J. Feiman and N. Macdonald, Magic quadrant for static application security testing, 2010.

J. Graf, Speeding Up Context-, Object- and Field-Sensitive SDG Generation, 2010 10th IEEE Working Conference on Source Code Analysis and Manipulation, pp.105-114, 2010.
DOI : 10.1109/SCAM.2010.9

C. Hammer, Experiences with PDG-Based IFC, Engineering Secure Software and Systems, pp.44-60, 2010.
DOI : 10.1007/978-3-642-11747-3_4

C. Hammer and G. Snelting, Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs, International Journal of Information Security, vol.44, issue.15, pp.399-422, 2009.
DOI : 10.1007/s10207-009-0086-1

M. Kircher and P. Jai, Pooling, Proceedings of the 2002 European Conference on Pattern Languages of Programs, 2002.

J. Krinke, Identifying similar code with program dependence graphs, Proceedings Eighth Working Conference on Reverse Engineering, pp.301-309, 2001.
DOI : 10.1109/WCRE.2001.957835

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

B. Livshits and M. S. Lam, Finding Security Vulnerabilities in Java Applications with Static Analysis, Proceedings of the 14th USENIX Security Symposium, pp.271-286, 2005.

R. Mordani, Java TM Servlet Specification, Version 3.0 Rev a, Sun Microsystems, 2010.

C. Nagy and S. Mancoridis, Static Security Analysis Based on Input-Related Software Faults Oracle: Java EE at a Glance, Proceedings of the 2009 European Conference on Software Maintenance and Reengineering, pp.37-46, 2009.
DOI : 10.1109/csmr.2009.51

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

A. Raza, G. Vogel, and E. Plödereder, Bauhaus ? A Tool Suite for Program Analysis and Reverse Engineering Red Hat, Inc: Session EJB and MDB Configuration (2011), http://docs.jboss.org/ejb3/docs/reference/build/reference/en/html/session- bean-config.html 22. Reenskaug, T.: Models ? Views ? Controllers, Proceedings of 11th Ada-Europe International Conference on Reliable Software Technologies, 1979.

M. Roth and E. Pelegrí-llopart, JavaServer Pages TM Specification, Version 2.0, Sun Microsystems, 2003.

M. Schumacher, E. Fernandez-buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns, Informatik-Spektrum, vol.25, issue.3, 2006.
DOI : 10.1007/s002870200223

F. Souza, R. Arteiro, N. Rosa, and P. Maciel, Performance Models for the Instance Pooling Mechanism of the JBoss Application Server, 2008 IEEE International Performance, Computing and Communications Conference, pp.135-143, 2008.
DOI : 10.1109/PCCC.2008.4745106

. Springsource, http://www.springsource.org 27. The Apache Software Foundation: Apache Struts, Online, 2011.

G. Wassermann and Z. Su, Sound and Precise Analysis of Web Applications for Injection Vulnerabilities, Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation. pp. 32?41. PLDI '07, 2007.