Secure Code Generation for Web Applications

Cited by: 0
Authors
Johns, Martin [1, 2]
Beyerlein, Christian [3 ]
Giesecke, Rosemaria [1 ]
Posegga, Joachim [2 ]
Affiliations
[1] SAP Res CEC Karlsruhe, Karlsruhe, Germany
[2] Univ Passau, Fac Informat & Math, ISL, Passau, Germany
[3] Univ Hamburg, Dept Informat, SVS, Hamburg, Germany
Keywords
DOI
Not available
Chinese Library Classification
TP [Automation Technology, Computer Technology]
Discipline classification code
0812
Abstract
A large percentage of recent security problems, such as Cross-site Scripting or SQL injection, is caused by string-based code injection vulnerabilities. These vulnerabilities exist because of implicit code creation through string serialization. Based on an analysis of the vulnerability class' underlying mechanisms, we propose a general approach to outfit modern programming languages with mandatory means for explicit and secure code generation which provide strict separation between data and code. Using an exemplified implementation for the languages Java and HTML/JavaScript respectively, we show how our approach can be realized and enforced.
Pages: 96 / +
Page count: 4
Related papers
50 in total
  • [1] Secure code generation for web applications
    SAP Research - CEC Karlsruhe, Germany
    Unknown
    Unknown
    Lect. Notes Comput. Sci., 1600, (96-113):
  • [2] Automatic Code Generation of MVC Web Applications
    Paolone, Gaetanino
    Marinelli, Martina
    Paesani, Romolo
    Di Felice, Paolino
    COMPUTERS, 2020, 9 (03) : 1 - 29
  • [3] A source code perspective framework to produce secure web applications
    Agrawal A.
    Alenezi M.
    Kumar R.
    Khan R.A.
    Comput. Fraud Secur., 2019, 10 (11-18): : 11 - 18
  • [4] A Pilot Study on Secure Code Generation with ChatGPT for Web Applications
    Jamdade, Mahesh
    Liu, Yi
    PROCEEDINGS OF THE 2024 ACM SOUTHEAST CONFERENCE, ACMSE 2024, 2024, : 229 - 234
  • [5] Automatic Code Generation System for Transactional Web Applications
    Florez, Hector
    Garcia, Edwarth
    Munoz, Deisy
    COMPUTATIONAL SCIENCE AND ITS APPLICATIONS - ICCSA 2019, PT V: 19TH INTERNATIONAL CONFERENCE, SAINT PETERSBURG, RUSSIA, JULY 14, 2019, PROCEEDINGS, PART V, 2019, 11623 : 436 - 451
  • [6] Model-Driven Code Generation for Secure Smart Card Applications
    Moebius, Nina
    Stenzel, Kurt
    Grandy, Holger
    Reif, Wolfgang
    ASWEC 2009: 20TH AUSTRALIAN SOFTWARE ENGINEERING CONFERENCE, PROCEEDINGS, 2009, : 44 - 53
  • [7] Online Model Editing, Simulation and Code Generation for Web and Mobile Applications
    Bernaschina, Carlo
    Comai, Sara
    Fraternali, Piero
    2017 IEEE/ACM 9TH INTERNATIONAL WORKSHOP ON MODELLING IN SOFTWARE ENGINEERING (MISE), 2017, : 33 - 39
  • [8] Secure input for web applications
    Szydlowski, Martin
    Kruegel, Christopher
    Kirda, Engin
    TWENTY-THIRD ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2007, : 375 - 384
  • [9] Developing secure Web applications
    Scott, D
    Sharp, R
    IEEE INTERNET COMPUTING, 2002, 6 (06) : 38 - 45
  • [10] On certifying mobile code for secure applications
    Ghosh, AK
    NINTH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING, PROCEEDINGS, 1998, : 381 - 381