Web security: a step-by-step reference guide
Input validation can be a critical issue. Typically, little attention is paid to it in a web development project, because overenthusiastic validation tends to cause failures in the software; yet inadequate validation can also compromise the security of web applications, for example by permitting unauthorized access to data. Web application vulnerabilities such as XSS and SQL injection are now estimated to account for more than two thirds of reported web security vulnerabilities. In this paper, we start with a case study of bypassing data validation and of the resulting security vulnerabilities, such as SQL injection, and then discuss the merits of a number of common data validation techniques. We also review the solutions proposed to date for providing data validation in e-commerce applications. From this analysis, a new data validation service based upon semantic web technologies has been designed and implemented to prevent web security vulnerabilities at the application level and to secure the web system even if the input validation modules are bypassed. Our semantic architecture consists of the following components: RDFa annotation of web page elements, an interceptor, an RDF extractor, an RDF parser, and a data validator. The experimental results of the pilot study indicate that the proposed data validation service might provide detection and prevention of some web application attacks.
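The architecture sketched in the abstract has one defensive idea at its core: the constraints declared in the page markup are re-checked on the server by an interceptor, so a client that skips the browser-side validation gains nothing. The following is an added example in Python, not the paper's implementation: a minimal extractor reads RDFa-style `property`/`datatype` attributes together with the HTML `maxlength`/`pattern` constraints from a constructed form, and a validator replays those rules against a submitted request. The `ex:` vocabulary, the form and the request values are constructed for illustration.

```python
"""Server-side re-validation of form input against constraints declared in the
page markup. Added example, not the paper's code: the 'ex:' vocabulary, the form
and the submitted values below are constructed for illustration."""
import re
from html.parser import HTMLParser

# Constructed sample form. The browser enforces maxlength/pattern client-side,
# but a request posted directly to /checkout skips that check entirely.
SAMPLE_FORM = """
<form action="/checkout" method="post">
  <input name="qty"   property="ex:quantity" datatype="xsd:integer" maxlength="3">
  <input name="email" property="ex:email"    datatype="xsd:string"  pattern="[^@\\s]+@[^@\\s]+">
  <input name="note"  property="ex:note"     datatype="xsd:string"  maxlength="40">
</form>
"""


class ConstraintExtractor(HTMLParser):
    """Collects the declared constraints of every annotated <input> element."""

    def __init__(self):
        super().__init__()
        self.rules = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        # Only fields carrying an RDFa 'property' annotation get a server rule.
        if "name" not in a or "property" not in a:
            return
        self.rules[a["name"]] = {
            "property": a["property"],
            "datatype": a.get("datatype", "xsd:string"),
            "maxlength": int(a["maxlength"]) if a.get("maxlength") else None,
            "pattern": a.get("pattern"),
        }


def extract_rules(html):
    """Step 1 of the interceptor: derive validation rules from the page."""
    parser = ConstraintExtractor()
    parser.feed(html)
    return parser.rules


def validate(rules, submitted):
    """Step 2: check each submitted field against its declared rule.

    Returns a dict field -> error for every violation; an empty dict means the
    request passes. Fields the form never declared are rejected as well, so
    extra parameters injected by a client do not reach the application."""
    errors = {}
    for name, value in submitted.items():
        rule = rules.get(name)
        if rule is None:
            errors[name] = "undeclared field"
            continue
        if rule["maxlength"] is not None and len(value) > rule["maxlength"]:
            errors[name] = "exceeds maxlength"
            continue
        if rule["datatype"] == "xsd:integer" and not re.fullmatch(r"-?\d+", value):
            errors[name] = "not an integer"
            continue
        if rule["pattern"] and not re.fullmatch(rule["pattern"], value):
            errors[name] = "pattern mismatch"
    return errors


if __name__ == "__main__":
    rules = extract_rules(SAMPLE_FORM)
    # Constructed request that a browser honouring the form would never send.
    bypassed = {"qty": "12a", "email": "not-an-email", "note": "x" * 41, "admin": "1"}
    print(validate(rules, bypassed))
```

The validator deliberately mirrors exactly the constraints the page already publishes, so the rules cannot drift apart between client and server; in the paper's terms the RDF extractor and parser would replace the small `HTMLParser` subclass and supply richer datatypes than the two handled here.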