International Journal of Scientific & Technology Research


IJSTR >> Volume 3- Issue 4, April 2014 Edition


Website: http://www.ijstr.org

ISSN 2277-8616

Quality Of Secured Web Applications







Index Terms: Aspect-Oriented Programming, SQL Injection and AspectJ



ABSTRACT: Adding security functions to existing Web application servers is now vital for the IS of companies and organizations. Crosscutting functions in complex software should be written to take advantage of the modularity offered by new software development approaches. With Aspect-Oriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AOPSec for detecting SQL injection and Cross-Site Scripting (XSS), which are common attacks on web servers. This paper presents a brief description of the most widely used AOP approaches and analyzes them from a security point of view. AspectJ is then considered the most appropriate language for enforcing security, but at the same time it is not complete. This paper shows that some security crosscutting concerns need more means than those that currently exist in AspectJ.


