Formal methods for web security

In the last few years, many security researchers proposed to endow the web platform with more rigorous foundations, thus allowing for a precise reasoning on web security issues. Given the complexity of the Web, however, research efforts in the area are scattered around many different topics and problems, and it is not easy to understand the import of formal methods on web security so far. In this survey we collect, classify and review existing proposals in the area of formal methods for web security, spanning many different topics: JavaScript security, browser security, web application security, and web protocol analysis. Based on the existing literature, we discuss recommendations for researchers working in the area to ensure their proposals have the right ingredients to be amenable for a large scale adoption.