In software development and analysis it may be useful to determine whether particular software units (e.g., modules, algorithms, processes, and so on) are vulnerable to malicious attacks. For example, in the case of software including a web application, the software may be vulnerable to various types of attack such as cross-site scripting, SQL injection, log forging and so on. Use of software that is vulnerable to these and other sorts of attack may subject individuals and/or organizations to costly liability, loss, and other undesirable consequences.