Protecting web applications via Unicode extension

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER) Pub Date : 2015-03-02 DOI:10.1109/SANER.2015.7081852

Boze Zekan, Mark Shtern, Vassilios Tzerpos

引用次数: 1

Abstract

Protecting web applications against security attacks, such as command injection, is an issue that has been attracting increasing attention as such attacks are becoming more prevalent. Taint tracking is an approach that achieves protection while offering significant maintenance benefits when implemented at the language library level. This allows the transparent re-engineering of legacy web applications without the need to modify their source code. Such an approach can be implemented at either the string or the character level.

查看原文本刊更多论文

通过Unicode扩展保护web应用程序

保护web应用程序不受安全攻击(如命令注入)的侵害是一个越来越受到关注的问题，因为这类攻击正变得越来越普遍。当在语言库级别实现时，污点跟踪是一种既能实现保护又能提供显著维护好处的方法。这允许对遗留web应用程序进行透明的重新设计，而无需修改其源代码。这种方法可以在字符串或字符级别实现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

自引率

0.00%

发文量