通过编码约定和框架进行安全软件开发

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.131

T. Okubo, Hidehiko Tanaka

{"title":"通过编码约定和框架进行安全软件开发","authors":"T. Okubo, Hidehiko Tanaka","doi":"10.1109/ARES.2007.131","DOIUrl":null,"url":null,"abstract":"It is difficult to apply existing software development methods to security concerns. Using software for security testing purposes, in particular, is hard to do. The fact that there is a restriction on the implementation of software affects the ease with which security can be tested. In this paper we propose a decision process of coding conventions for security, mindful of testing security. Then, we apply our method to preventing injection attacks on Web application programs, and establish some coding conventions that can be used against injection attacks and cross site scripting. We also discuss security frameworks, which are also useful as conventions","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"134 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Secure Software Development through Coding Conventions and Frameworks\",\"authors\":\"T. Okubo, Hidehiko Tanaka\",\"doi\":\"10.1109/ARES.2007.131\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"It is difficult to apply existing software development methods to security concerns. Using software for security testing purposes, in particular, is hard to do. The fact that there is a restriction on the implementation of software affects the ease with which security can be tested. In this paper we propose a decision process of coding conventions for security, mindful of testing security. Then, we apply our method to preventing injection attacks on Web application programs, and establish some coding conventions that can be used against injection attacks and cross site scripting. We also discuss security frameworks, which are also useful as conventions\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"134 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.131\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.131","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

将现有的软件开发方法应用于安全问题是很困难的。特别是为了安全测试的目的而使用软件是很难做到的。对软件实现的限制影响了测试安全性的便利性。在本文中，我们提出了一种考虑测试安全性的编码约定决策过程。然后，我们将该方法应用于防止Web应用程序的注入攻击，并建立了一些可用于防止注入攻击和跨站点脚本的编码约定。我们还将讨论安全框架，这些框架作为约定也很有用

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Secure Software Development through Coding Conventions and Frameworks

It is difficult to apply existing software development methods to security concerns. Using software for security testing purposes, in particular, is hard to do. The fact that there is a restriction on the implementation of software affects the ease with which security can be tested. In this paper we propose a decision process of coding conventions for security, mindful of testing security. Then, we apply our method to preventing injection attacks on Web application programs, and establish some coding conventions that can be used against injection attacks and cross site scripting. We also discuss security frameworks, which are also useful as conventions

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量