X. Li and Y. Xue, A survey on server-side approaches to securing web applications, CSUR, vol.46, issue.4, p.54, 2014.

OWASP top 10-2013, Tech. rep., OWASP Foundation, 2013.

R. Sandhu, D. Ferraiolo, and R. Kuhn, The NIST model for role-based access control: towards a unified standard, RBAC'00, pp.47-63, 2000.

J. G. Alfaro, N. Boulahia-Cuppens, and F. Cuppens, Complete analysis of configuration rules to guarantee reliable network security policies, JIS, vol.7, issue.2, pp.103-122, 2008.
URL : https://hal.archives-ouvertes.fr/hal-01207771

H. Hu, G. Ahn, and K. Kulkarni, Anomaly discovery and resolution in web access control policies, SACMAT'11, pp.165-174, 2011.

M. Shehab, S. Al-Haj, S. Bhagurkar, and E. Al-Shaer, Anomaly discovery and resolution in MySQL access control policies, DEXA'12, pp.514-522, 2012.

H. Hamed and E. Al-Shaer, Taxonomy of conflicts in network security policies, Communications Magazine, IEEE, vol.44, issue.3, pp.134-141, 2006.

S. Preda, N. Cuppens-Boulahia, F. Cuppens, J. García-Alfaro, and L. Toutain, Model-Driven Security Policy Deployment: Property Oriented approach, ESSoS'10, pp.123-139, 2010.
URL : https://hal.archives-ouvertes.fr/hal-00540842

S. Martínez, V. Cosentino, and J. Cabot, Model-based Analysis of Java EE Web Security Configurations, MISE workshop, 2016.

H. Bruneliere, J. Cabot, G. Dupé, and F. Madiot, MoDisco: A model driven reverse engineering framework, IST, vol.56, issue.8, pp.1012-1032, 2014.
URL : https://hal.archives-ouvertes.fr/hal-00972632

F. Jouault, F. Allilaire, J. Bézivin, and I. Kurtev, ATL: a model transformation tool, SCP, vol.72, pp.31-39, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00483363

O. Omg, , 2005.

M. Richters and M. Gogolla, Validating UML models and OCL constraints, UML'00, pp.265-277, 2000.

E. Framework, EMF: OCL plugin for the Eclipse Modeling Framework, 2011.

H. Le, D. C. Nguyen, L. Briand, and B. Hourte, Automated inference of access control policies for web applications, SACMAT'20, 2015.

H. Lockhart, B. Parducci, A. Anderson, and O. Xacml-tc, , 2013.

Y. Ledru, N. Qamar, A. Idani, J. Richier, and M. Labiadh, Validation of security policies by the animation of Z specifications, SACMAT'11, pp.155-164, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00860805

K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz, Verification and change-impact analysis of access-control policies, ICSE'27, pp.196-205, 2005.

J. Musset, É. Juliot, S. Lacrampe, W. Piers, C. Brun et al., Acceleo user guide

D. Steinberg, F. Budinsky, M. Paternostro, and E. Merks, EMF: Eclipse Modeling Framework 2.0, 2nd Edition, 2009.

G. Search and A. ,

P. Mazzoleni, B. Crispo, S. Sivasubramanian, and E. Bertino, XACML Policy Integration Algorithms, vol.11, p.4, 2008.

S. Davy, B. Jennings, and J. Strassner, The Policy Continuum-Policy Authoring and Conflict Analysis, vol.31, pp.2981-2995, 2008.

S. Martínez, J. García-Alfaro, F. Cuppens, N. Cuppens-Boulahia, and J. Cabot, Model-driven integration and analysis of access-control policies in multi-layer information systems, IFIP SEC'15, pp.218-233, 2015.

V. C. Hu, E. Martin, J. Hwang, and T. Xie, Conformance checking of access control policies specified in XACML, COMPSAC'07, vol.2, pp.275-280, 2007.

D. Basin, J. Doser, and T. Lodderstedt, Model driven security: From UML models to access control infrastructures, TOSEM, vol.15, issue.1, pp.39-91, 2006.

T. Lodderstedt, D. Basin, and J. Doser, SecureUML: A UML-based modeling language for model-driven security, UML'02, pp.426-441, 2002.

J. Jürjens, UMLsec: Extending UML for secure systems development, UML'02, pp.412-425, 2002.

J. Jürjens, J. Schreck, and P. Bartmann, Model-based security analysis for mobile communications, ICSE'08, pp.683-692, 2008.

M. H. Alalfi, J. R. Cordy, and T. R. Dean, Recovering role-based access control security models from dynamic web applications, ICWE'12, pp.121-136, 2012.

D. Letarte and E. Merlo, Extraction of inter-procedural simple role privilege models from PHP code, WCRE'09, pp.187-191, 2009.

F. Gauthier, D. Letarte, T. Lavoie, and E. Merlo, Extraction and comprehension of Moodle's access control model: A case study, PST'11, pp.44-51, 2011.

L. Koved, M. Pistoia, and A. Kershenbaum, Access rights analysis for Java, ACM SIGPLAN Notices, vol.37, pp.359-372, 2002.

V. Cosentino, J. Cabot, P. Albert, P. Bauquel, and J. Perronnet, A model driven reverse engineering framework for extracting business rules out of a Java application, International Workshop on Rules and Rule Markup Languages for the Semantic Web, pp.17-31, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00755010

M. Weiser, Program slicing, Proceedings of the 5th international conference on Software engineering, pp.439-449, 1981.

S. Martinez, V. Cosentino, J. Cabot, and F. Cuppens, Reverse engineering of database security policies, International Conference on Database and Expert Systems Applications, pp.442-449, 2013.
URL : https://hal.archives-ouvertes.fr/hal-01161908

V. Cosentino and S. Martinez, Extracting UML/OCL integrity constraints and derived types from relational databases, 13th International Workshop on OCL, Model Constraint and Query Languages, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00869231