AProSec: An aspect for programming secure web applications

Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

Volumn , Issue , 2007, Pages 1026-1033

  Hermosillo, Gabriel ^a   Gomez, Roberto ^a   Seinturier, Lionel ^b   Duchien, Laurence ^b  

^a SCHOOL OF ENGINEERING AND SCIENCES   (Mexico)

^b ECOLE CENTRALE DE LILLE   (France)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE; OBJECT ORIENTED PROGRAMMING; PARAMETERIZATION; SERVERS; WEB SERVICES;

APROSEC; ASPECT-ORIENTED PROGRAMMING (AOP); MODULARITY; RUNTIME PLATFORMS;

NETWORK SECURITY;

EID: 34548160486     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2007.43     Document Type: Conference Paper

References (18)

1. OWASP Top Ten Most Critical Web Application Security Vulnerabilities, http://www.owasp.org
2. G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. Lopes, J.-M. Loingtier, J. Irwin. Aspect-Oriented Programming. Proceedings of the 11th European Conference on Object-Oriented Programming (ECOOP'97). LNCS 1241. pp 220-242. June 1997. Springer-Verlag.
3. G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, W. Griswold. Overview of AspectJ. Proceedings of the 15th European Conference on Object-Oriented Programming (ECOOP,01). LNCS 2072. pp 327-353. June 2001. Springer-Verlag.
4. M. Fleury, F. Reverbel. The JBoss Extensible Server. Proceedings of the 4th ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing (Middleware'03). LNCS 2672. pp 344-373. June 2003. Springer-Verlag.
5. J. Viega, J.T. Bloch and P. Chandri, Applying AspectOriented Programming to Security, Cutter IT Journal, Volume 14, No. 2, pp. 31-39, 2001 10
6. G. Buehrer, B. Weide, P. Sivilotti, Paolo, Using Parse Tree Validation to Prevent SQL Injection Attacks, Proceedings of the 5th international workshop on Software engineering and middleware SEM '05, p. 106 - 113, September 2005.
7. W. Halfond, A. Orso, AMNESIA: Analysis and Monitoring for Neutralizing SQL - Injection Attacks. In Proceedings of 20th ACM International Conference on Automated Software Engineering (ASE), Nov. 2005. 7, 2005, p. 174-183.
8. R. McClure, I. Krüger, Sql Dom: Compile Time Checking of Dynamic SQL Statements. Proceedings of the 27th international conference on Software engineering, p. 88 -96, May 2005.
9. Kc, Gaurav, A. Keromytis, V. Prevelakis, Countering Code-Injection Attacks With Instruction-Set Randomization. CCS'03, Proceedings of the 10th ACM conference on Computer and communications security, p.272 - 280, October 2003.
10. K. Mookhey, N. Burghate, Detection of SQL Injection and Cross-site Scripting Attacks. SecurityFocus. Marzo 17, 2004.
11. rd International Conference on Aspect-Oriented Software Development (AOSD'04). March 2004. Lancaster, UK.
12. G. Bostrom. Database Encryption as an Aspect. In 11.
13. R. Laney, J. van der Linden, P. Thomas. Evolution of Aspects for Legacy System Security Concerns. In 11.
14. M. Huang, C. Wang, L. Zhang. Toward a Reusable and Generic Security Aspect Library. In 11.
15. T. Verhanneman, F. Piessens, B. De Win, W. Joosen. View Connectors for the Integration of Domain Specific Access Control. In 11.
16. B. De Win, F. Sanen, E. Truyen, W. Joosen, M. Südholt. Study of the Security Concern. Network of Excellence on Aspect-Oriented Software Development. Milestone 9.1. July 2005.
17. B. De Win, W. Joosen, F. Piessens. AOSD & Security: A Practical Assessment. Workshop on Software Engineering Properties of Languages for Aspect Technologies (SPLAT) @ AOSD'03. pp 1-6. Boston, USA. March 2003.
18. K. Kawauchi, H. Masuhara. Dataflow Pointcut for Integrity Concerns. In 11.