The Architectural Review of Web Security in Static and Dynamic Analysis

Our objective in web security is to move black box to white box in enterprise practices. In this paper, we explain how our approaches achieve the goal in terms of static and dynamic analysis. To better explain the framework and roadmap of analysis work, we describe our approaches by using macro and micro views individually. Based on this foundation, we explore dynamic analysis in string validation and node tracking, and introduce micro and macro views to architect comprehensive approaches. Micro view is related to the mechanism inside the node, so the event triggers and string validation are both under its coverage. Macro view is related to the node tracking which is under investigation of pattern benchmarking. Our evaluation reflects that a configurable and well-tuned topology helps architectural collaboration, consequently it achieve a better security governance. This paper further explains the architectural coherence of identification, validation and tracking. It started with node identification with further exploration to the issue identification.