JSW 2007 Vol.2(6): 53-63 ISSN: 1796-217X
doi: 10.4304/jsw.2.6.53-63
doi: 10.4304/jsw.2.6.53-63
Using Aspect Programming to Secure Web Applications
Gabriel Hermosillo Roberto Gomez1, Lionel Seinturier Laurence Duchien2
1ITESMCEM/Dpto. Ciencias Computacionales, Edo. de Mexico, Mexico
2University of LilleLIFLINRIA Project ADAM, Villeneuve d’Ascq, France
Abstract—As the Internet users increase, the need to protect web servers from malicious users has become a priority in many organizations and companies. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With AspectOriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS), that are common attacks in web servers. We experimented this aspect with AspectJ language and JBoss AOP. By this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
Index Terms—Aspectoriented programming, security, SQL injection, cross site scripting, design of web applications, reuse of aspect, dynamic weaving
2University of LilleLIFLINRIA Project ADAM, Villeneuve d’Ascq, France
Abstract—As the Internet users increase, the need to protect web servers from malicious users has become a priority in many organizations and companies. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With AspectOriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS), that are common attacks in web servers. We experimented this aspect with AspectJ language and JBoss AOP. By this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.
Index Terms—Aspectoriented programming, security, SQL injection, cross site scripting, design of web applications, reuse of aspect, dynamic weaving
Cite: Gabriel Hermosillo Roberto Gomez, Lionel Seinturier Laurence Duchien, " Using Aspect Programming to Secure Web Applications," Journal of Software vol. 2, no. 6, pp. 53-63, 2007.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]