Today's Web applications are no longer the work of a single developer nor of a single development team; nowadays developing a functional, user-friendly, attractive-looking Web application implies the use of third-party components, such as programming libraries, APIs to external services (Facebook, Google, Twitter), development frameworks, and many other components in which programming, testing, and patching have very little or nothing to do.

Sometimes these third-party components are found vulnerable to attacks and they transfer those vulnerabilities to our applications. Many of the applications that implement vulnerable components take a long time to be patched, representing ...