A Formal and Automated Approach to Exploiting Multi-Stage Attacks of Web Applications