Meder Kydyraliev presentation on HITB 2012 on the Defibrilating Web Security (pdf) talks about the powerful concept of Taint Tracking (see from slide 31)
He details about two PoCs he wrote (in Java and Ruby) which he calls Gravizapa, although I can't seem to find any references on those PoCs in the Interweb! Any idea if has been published?
Seeing how he hooked the JVM does make me wish the CLR allowed similar techniques (at run-time).
One think he missed with Trait Tracking is how that needs to be supported by SAST/Rules-analysis tools, since we will need to codify the app's behaviour (in order to deliver meaningful results)