A pair of researchers from Ruhr-Universitat Bochum in Germany have been awarded the first $50,000 Internet Defense Prize for their work in combatting \u201csecond-order vulnerabilities\u201d in Web apps\u2014threats that lurk on Web servers until the time is right to strike.\n\n\nThe prize is funded by Facebook and orchestrated in conjunction with USENIX, which held its annual Security Symposium in San Diego this week. A Facebook security engineering manager blogged about the award this week.\n\n\nMORE from USENIX: 5 Cool New Security Breakthroughs\n\n\nThe researchers, Johannes Dahse and Thorsten Holz, presented a paper titled \u201cStatic Detection of Second-Order Vulnerabilities in Web Applications\u201d at the symposium. In it, they detail use of automatic\u00a0static code analysis to detect vulnerabilities before they inflect their pain on victims. (Second-order vulnerabilities are distinct from first-order threats like SQL injections and cross-site scripting.)\n\n\nThe award, which focuses on defending against security threats as opposed to just identifying or theorizing about them, is designed to fund additional research and possibly help bring the technology to market.