Yves Younan, Wouter Joosen, and Frank Piessens. 2012. Runtime countermeasures for code injection attacks against C and C++ programs. ACM Comput. Surv. 44, 3, Article 17 (June 2012), 28 pages. Survey of C/C++ vulnerabilities and countermeasures.
Joel Weinberger et al. 2011 A Systematic Analysis of XSS Sanitization in Web Application Frameworks. in Computer Security - ESORICS 2011, Lecture Notes in Computer Science Vol. 6789 (2011), pp. 150-171. Evaluation of XSS abstractions in 14 major commercially-used web frameworks.