Using Aspect Programming to Secure Web Applications - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Article Dans Une Revue Journal of Software Année : 2007

Using Aspect Programming to Secure Web Applications

Résumé

As the Internet users increase, the need to protect web servers from malicious users has become a priority in many organizations and companies. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With AspectOriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS), that are common attacks in web servers. We experimented this aspect with AspectJ language and JBoss AOP. By this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
Fichier principal
Vignette du fichier
JSW90164_new.pdf (966.45 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

inria-00202894 , version 1 (08-01-2008)

Identifiants

  • HAL Id : inria-00202894 , version 1

Citer

Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, Laurence Duchien. Using Aspect Programming to Secure Web Applications. Journal of Software, 2007, 6 (2), pp.53-63. ⟨inria-00202894⟩
184 Consultations
898 Téléchargements

Partager

Gmail Facebook X LinkedIn More