Title :
Protecting web applications via Unicode extension
Author :
Zekan, Boze ; Shtern, Mark ; Tzerpos, Vassilios
Author_Institution :
Electr. Eng. & Comput. Sci., York Univ., Toronto, ON, Canada
Abstract :
Protecting web applications against security attacks, such as command injection, is an issue that has been attracting increasing attention as such attacks are becoming more prevalent. Taint tracking is an approach that achieves protection while offering significant maintenance benefits when implemented at the language library level. This allows the transparent re-engineering of legacy web applications without the need to modify their source code. Such an approach can be implemented at either the string or the character level.
Keywords :
program debugging; security of data; software maintenance; command injection; language library level; legacy Web application; maintenance benefit; security attack; taint tracking; Unicode extension; Databases; Java; Operating systems; Prototypes; Security; Servers
Conference_Title :
Software Analysis, Evolution and Reengineering (SANER), 2015 IEEE 22nd International Conference on
Conference_Location :
Montreal, QC
DOI :
10.1109/SANER.2015.7081852