WEBLOG is a declarative language for web application development designed to automatically eliminate several security vulnerabilities common to today's web applications. In this paper, we introduce Weblog, detail the security vulnerabilities it eliminates, and discuss how those vulnerabilities are eliminated. We then evaluate Weblog's ability to build and secure real-world applications by comparing traditional implementations of 3 existing small- to medium-size web applications to Weblog implementations.