Libraries are commonly thought of as toolboxes offering reusable components and algorithms. In this paper, we show that a properly designed library can also be used to enforce security, and hence to help in the creation of robust and secure applications. As an illustration, we choose database web applications, because they are the kind of application that suffers from the highest number of vulnerabilities; SQL injection and Cross Site Scripting are common examples. We present how a library can be designed in such a way as to completely mitigate these vulnerabilities. We also show that a properly designed library not only allows a programmer to write secure code, but can also make vulnerable code impossible to write. We validate our theories through the presentation of a concrete Java library named "Stones" that follows and applies our ideas. Finally, our approach is compared with related work and various practical results are stated.
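The "vulnerable code impossible to write" idea, as an added sketch that is not the Stones library or any code from the paper: a query object whose public API never accepts raw SQL text, so the only way a caller's value reaches the database is as a bound parameter. The table and column allow-lists are constructed for the example; identifiers are the one thing a placeholder cannot bind, so they are checked here instead.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/** Hypothetical query object: no method takes a raw SQL string from the caller. */
public final class SafeSelect {
    // Constructed allow-lists for the example; a real library would derive
    // these from the schema or from typed table/column objects.
    private static final Set<String> TABLES  = Set.of("users", "orders");
    private static final Set<String> COLUMNS = Set.of("id", "name", "email", "total");

    private final StringBuilder sql = new StringBuilder();
    private final List<Object> args = new ArrayList<>();

    private SafeSelect(String table) {
        sql.append("SELECT * FROM ").append(identifier(TABLES, table));
    }

    public static SafeSelect from(String table) { return new SafeSelect(table); }

    /** Every caller-supplied value becomes a '?' placeholder, never SQL text. */
    public SafeSelect whereEquals(String column, Object value) {
        sql.append(args.isEmpty() ? " WHERE " : " AND ")
           .append(identifier(COLUMNS, column)).append(" = ?");
        args.add(value);
        return this;
    }

    /** The SQL string holds only allow-listed identifiers and placeholders, so
     *  an input such as "' OR 1=1 --" is compared literally, not parsed. */
    public PreparedStatement prepare(Connection conn) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(sql.toString());
        for (int i = 0; i < args.size(); i++) {
            ps.setObject(i + 1, args.get(i));
        }
        return ps;
    }

    private static String identifier(Set<String> allowed, String name) {
        if (!allowed.contains(name)) {
            throw new IllegalArgumentException("unknown identifier: " + name);
        }
        return name;
    }

    /** Exposed for inspection: e.g. from("users").whereEquals("name", x)
     *  yields "SELECT * FROM users WHERE name = ?" regardless of x. */
    String sqlText() { return sql.toString(); }
}
```

Because the class has no constructor or method that concatenates caller text into `sql`, a developer using it cannot write the string-building code that causes SQL injection; the compiler rejects any attempt that does not go through the typed API.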