Control-Flow Integrity in Web Applications Using Security Policies to Automate Placement of Network Intrusion Prevention.- Idea: Callee-Site Rewriting of Sealed System Libraries.- Towards Unified Authorization for Android.- Model-Based Usage Control Policy Derivation.- Compositional Verification of Application-Level Security Properties.- Towards Verifying Voter Privacy through Unlinkability.- Confidentiality for Probabilistic Multi-threaded Programs and Its Verification.- A Fully Homomorphic Crypto-Processor Design: Correctness of a Secret Computer.- DKAL: Constructing Executable Specifications of Authorization Protocols.- A Formal Approach for Inspecting Privacy and Trust in Advanced Electronic services.- Idea: Writing Secure C Programs with SecProve.- Anatomy of Exploit Kits: Preliminary Analysis of Exploit Kits as Software Artefacts.- An Empirical Study on the Effectiveness of Security Code Review.- Eliminating SQL Injection and Cross Site Scripting Using Aspect Oriented Programming.

This book constitutes the refereed proceedings of the 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013, held in Paris, France, in February/March 2013. The 13 revised full papers presented together with two idea papers were carefully reviewed and selected from 62 submissions. The papers are organized in topical sections on secure programming, policies, proving, formal methods, and analyzing.