Recommender: optimal injection code for detecting web app vulnerabilities