Journal Article (DOI 10.1109/TKDE.2003.1208998)
Specifying and enforcing application-level Web security policies
David Scott, Richard Sharp +1 more
74
TL;DR: A scalable structuring mechanism facilitating the abstraction of security policies from large Web-applications developed in heterogeneous multiplatform environments is described and a set of tools which assist programmers in developing secure applications which are resilient to a wide range of common attacks are presented.
Abstract: Application-level Web security refers to vulnerabilities inherent in the code of a Web-application itself (irrespective of the technologies in which it is implemented or the security of the Web-server/back-end database on which it is built). In the last few months, application-level vulnerabilities have been exploited with serious consequences: Hackers have tricked e-commerce sites into shipping goods for no charge, usernames and passwords have been harvested, and confidential information (such as addresses and credit-card numbers) has been leaked. We investigate new tools and techniques which address the problem of application-level Web security. We 1) describe a scalable structuring mechanism facilitating the abstraction of security policies from large Web-applications developed in heterogeneous multiplatform environments; 2) present a set of tools which assist programmers in developing secure applications which are resilient to a wide range of common attacks; and 3) report results and experience arising from our implementation of these techniques.
Citations
Book review: Applied cryptography: Protocols, algorithms, and source code in C
TL;DR: A review of Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier (published 01 Nov 1995).
1.5K
The essence of command injection attacks in web applications
Zhendong Su, Gary Wassermann +1 more
- 11 Jan 2006
TL;DR: This paper presents the first formal definition of command injection attacks in the context of web applications, and gives a sound and complete algorithm for preventing them based on context-free grammars and compiler parsing techniques.
Patent
Communication across domains
Scott Isaacs, George M. Moore, Daniel R. Thorpe, Vasileios Zissimopoulos +3 more
- 13 Mar 2012
TL;DR: In this paper, a determination is made that an amount of data to be communicated via an Iframe exceeds a threshold amount, and the data is divided into a plurality of portions that do not exceed the threshold amount.
75
Patent
Running internet applications with low rights
Roberto A. Franco, Anantha P. Ganjam, John G. Bedworth, Peter T. Brundrett, Roland Tokumi, Jeremiah S. Epling, Daniel Sie, Jianrong Gu, Marc A. Silbey, Vidya Nallathimmayyagari, Bogdan M. Tepordei +10 more
- 03 Jun 2005
TL;DR: In this paper, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device.
48
A Survey on Web Application Penetration Testing
TL;DR: This paper provides a comprehensive review and comparison of common web penetration testing tools to help web penetration testers choose a technology that is optimal for their requirements; it also sets out to guide users with recommendations for choosing the best web penetration test tool and to increase their awareness of secure web environments.
References
• Book
Applied Cryptography: Protocols, Algorithms, and Source Code in C
Bruce Schneier, Phil Sutherland +1 more
- 10 Nov 1993
TL;DR: This document describes the construction of protocols and their use in the real world, as well as some examples of protocols used in the virtual world.
4K
• Book
The Definition of Standard ML
Robin Milner, Mads Tofte, Robert Harper +2 more
- 01 Jan 1990
TL;DR: This book provides a formal definition of Standard ML for the benefit of all concerned with the language, including users and implementers; the authors have defined their semantic objects in mathematical notation that is completely independent of Standard ML.
2.7K
A theory of type polymorphism in programming
TL;DR: This work presents a formal type discipline for polymorphic procedures in the context of a simple programming language, and a compile-time type-checking algorithm W which enforces the discipline.
2.6K
Keying Hash Functions for Message Authentication
Mihir Bellare, Ran Canetti, Hugo Krawczyk +2 more
- 18 Aug 1996
TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.