Towards Tackling Common Web Application Vulnerabilities Using Secure Design Patterns
Authors: A. Ratnaparkhi, Yi Liu
Venue: 2021 IEEE International Conference on Electro Information Technology (EIT)
Published: 2021-05-14
DOI: 10.1109/EIT51626.2021.9491919 (https://doi.org/10.1109/EIT51626.2021.9491919)
Many software vulnerabilities originate in the design stage of the software development process. Secure design patterns can address vulnerabilities at the design level. However, few solid research studies have been done on applying secure patterns to tackle web application vulnerabilities, and researchers have found that security patterns are harder for developers to use than conventional design patterns. This paper presents an approach for selecting appropriate secure design patterns to tackle web application vulnerabilities. In this pilot study, we focus on the two most common web application vulnerabilities: SQL injection (SQLi) and cross-site scripting (XSS). The paper also uses a case study to demonstrate the implementation of the chosen pattern in redesigning a vulnerable application. The results of the evaluation show that the proposed pattern can effectively address SQLi and XSS vulnerabilities. Although SQLi and XSS are the vulnerabilities targeted by the approach, based on the success of this study we believe the approach is promising for more general application.
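The abstract does not name the pattern the paper selects. The following is an added example, not the paper's code or its chosen pattern, illustrating what "addressing SQLi and XSS at the design level" looks like in practice: the request handler that concatenates SQL and interpolates HTML is placed beside a redesign in which a single repository component owns all queries (values travel only as bound parameters) and a single rendering helper applies HTML-context encoding. The schema, rows, payloads and the `UserRepository` name are assumptions constructed for the demo.

```python
import html
import sqlite3

# Constructed demo schema and rows (not from the paper).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bio TEXT);
INSERT INTO users (username, bio) VALUES ('alice', 'likes ciphers');
INSERT INTO users (username, bio) VALUES ('bob', '<i>plain</i> text');
"""


def connect():
    """Fresh in-memory database seeded with the demo rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def find_user_vulnerable(conn, username):
    """'Before' design: the handler builds SQL by string concatenation.
    Tainted input reaches the SQL parser, so it can alter the query's
    structure (SQL injection)."""
    sql = "SELECT username, bio FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


class UserRepository:
    """'After' design (assumed name): one data-access component owns every
    query. Handlers never see SQL text, and every value is passed as a
    bound parameter, so input is always data and never query structure."""

    def __init__(self, conn):
        self._conn = conn

    def find_by_username(self, username):
        sql = "SELECT username, bio FROM users WHERE username = ?"
        return self._conn.execute(sql, (username,)).fetchall()


def render_bio_vulnerable(username, bio):
    """'Before' view: raw values interpolated into HTML (reflected/stored XSS)."""
    return "<p><b>" + username + "</b>: " + bio + "</p>"


def render_bio_hardened(username, bio):
    """'After' view: a single rendering helper applies HTML-context encoding
    to every untrusted value before it is placed in markup."""
    return "<p><b>%s</b>: %s</p>" % (
        html.escape(username, quote=True),
        html.escape(bio, quote=True),
    )


def demo():
    """Run both designs against one SQLi payload and one XSS payload and
    return what each produced, so the difference is observable."""
    payload_sqli = "' OR '1'='1"                 # constructed attacker input
    payload_xss = "<script>alert(1)</script>"    # constructed attacker input
    conn = connect()
    repo = UserRepository(conn)
    return {
        # Concatenation turns the filter into "... = '' OR '1'='1'": every row leaks.
        "vulnerable_rows": len(find_user_vulnerable(conn, payload_sqli)),
        # Bound parameter: the payload is compared literally, no user matches.
        "hardened_rows": len(repo.find_by_username(payload_sqli)),
        "vulnerable_html": render_bio_vulnerable("eve", payload_xss),
        "hardened_html": render_bio_hardened("eve", payload_xss),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Two caveats a practitioner should keep in mind: parameter binding protects values only, so table or column names chosen from user input still need an allow-list; and `html.escape` is correct for the HTML body and quoted-attribute contexts only, with JavaScript, URL and CSS contexts each needing their own encoder, which is exactly why a design that funnels all output through one encoding layer per context is stronger than ad hoc escaping at each call site.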