Has the Stability and Growth Pact stabilised? Evidence from a panel of 12 European countries and some implications for the reform of the Pact

Ever since its inception EMU has been subject to controversy. The fiscal policy rules embedded in the Treaty on European Union, and clarified in the Stability and Growth Pact (SGP), are probably the most contentious. The SGP is being accused of being too rigid and of forcing pro-cyclicality in fiscal policy. We test the impact of the SGP rules on the cyclical properties of fiscal policy for a panel of 12 European countries. We conclude that contrary to what might have been expected the euro fiscal rules have reinforced the counter-cyclicality of fiscal policy. However, the results also show that the SGP is not being applied symmetrically over the cycle, leading to insufficient fiscal consolidation during economic upswings. This explains the recent difficulties of Portugal, Germany and France in complying with SGP requirements. Based on these conclusions we argue for the creation of independent national technical committees that would define an appropriate deficit target on an annual basis.Fiscal policy, stabilisation, EMU, Stability and Growth Pact reform.

Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection

In this paper we propose a methodology and a prototype tool to evaluate web application security mechanisms. The methodology is based on the idea that injecting realistic vulnerabilities in a web application and attacking them automatically can be used to support the assessment of existing security mechanisms and tools in custom setup scenarios. To provide true to life results, the proposed vulnerability and attack injection methodology relies on the study of a large number of vulnerabilities in real web applications. In addition to the generic methodology, the paper describes the implementation of the Vulnerability & Attack Injector Tool (VAIT) that allows the automation of the entire process. We used this tool to run a set of experiments that demonstrate the feasibility and the effectiveness of the proposed methodology. The experiments include the evaluation of coverage and false positives of an intrusion detection system for SQL Injection attacks and the assessment of the effectiveness of two top commercial web application vulnerability scanners. Results show that the injection of vulnerabilities and attacks is indeed an effective way to evaluate security mechanisms and to point out not only their weaknesses but also ways for their improvemen

phpSAFE: A Security Analysis Tool for OOP Web Application Plugins

There is nowadays an increasing pressure to develop complex web applications at a fast pace. The vast majority is built using frameworks based on third-party server-side plugins that allow developers to easily add new features. However, as many plugin developers have limited programming skills, there is a spread of security vulnerabilities related to their use. Best practices advise the use of systematic code review for assure security, but free tools do not support OOP, which is how most web applications are currently developed. To address this problem we propose phpSAFE, a static code analyzer that identifies vulnerabilities in PHP plugins developed using OOP. We evaluate phpSAFE against two well-known tools using 35 plugins for a widely used CMS. Results show that phpSAFE clearly outperforms other tools, and that plugins are being shipped with a considerable number of vulnerabilities, which tends to increase over time.PEst-OE/EGE/UI4056/201