Towards Tackling Common Web Application Vulnerabilities Using Secure Design Patterns

2021 IEEE International Conference on Electro Information Technology (EIT) Pub Date : 2021-05-14 DOI:10.1109/EIT51626.2021.9491919

A. Ratnaparkhi, Yi Liu

{"title":"Towards Tackling Common Web Application Vulnerabilities Using Secure Design Patterns","authors":"A. Ratnaparkhi, Yi Liu","doi":"10.1109/EIT51626.2021.9491919","DOIUrl":null,"url":null,"abstract":"Many software vulnerabilities originate during the design stage of the software development process. Secure design patterns can address vulnerabilities in the design level. However, few solid research studies have been done on applying secure pat-terns to tackle web application vulnerabilities and the researchers found that the security patterns are harder for developers to use than conventional design patterns. This paper presents an approach for selecting appropriate secure design patterns to tackle web application vulnerabilities. In this pilot study, we focus on two most common web application vulnerabilities: SQL injection (SQLi) and Cross-site scripting (XSS). The paper also uses a case study to demonstrate the implementation of the chosen pattern in redesigning a vulnerable application. The results from the evaluation show that the proposed pattern can effectively address SQLi and XSS vulnerabilities. Although SQLi and XSS are the targeted vulnerabilities in the approach, based on the success of this study, we believe that the approach is promising to be applied more generally.","PeriodicalId":162816,"journal":{"name":"2021 IEEE International Conference on Electro Information Technology (EIT)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Electro Information Technology (EIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EIT51626.2021.9491919","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Many software vulnerabilities originate during the design stage of the software development process. Secure design patterns can address vulnerabilities in the design level. However, few solid research studies have been done on applying secure pat-terns to tackle web application vulnerabilities and the researchers found that the security patterns are harder for developers to use than conventional design patterns. This paper presents an approach for selecting appropriate secure design patterns to tackle web application vulnerabilities. In this pilot study, we focus on two most common web application vulnerabilities: SQL injection (SQLi) and Cross-site scripting (XSS). The paper also uses a case study to demonstrate the implementation of the chosen pattern in redesigning a vulnerable application. The results from the evaluation show that the proposed pattern can effectively address SQLi and XSS vulnerabilities. Although SQLi and XSS are the targeted vulnerabilities in the approach, based on the success of this study, we believe that the approach is promising to be applied more generally.

查看原文本刊更多论文

使用安全设计模式解决常见的Web应用程序漏洞

许多软件漏洞都是在软件开发过程的设计阶段产生的。安全设计模式可以解决设计级别的漏洞。然而，很少有关于应用安全模式来解决web应用程序漏洞的可靠研究，研究人员发现，安全模式比传统设计模式更难让开发人员使用。本文提出了一种选择合适的安全设计模式来解决web应用程序漏洞的方法。在这个试点研究中，我们关注两个最常见的web应用程序漏洞:SQL注入(SQLi)和跨站点脚本(XSS)。本文还使用一个案例研究来演示所选模式在重新设计易受攻击的应用程序中的实现。评估结果表明，该模式能够有效地解决SQLi和XSS漏洞。虽然SQLi和XSS是该方法的目标漏洞，但基于本研究的成功，我们相信该方法有望得到更广泛的应用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE International Conference on Electro Information Technology (EIT)

自引率

0.00%

发文量