Injection vulnerabilities are still prevalent today, ranking first on the OWASP Top Ten list of threats to software security. Developers often have trouble adopting secure coding practices during the software development life cycle and so fail to prevent these vulnerabilities. This paper addresses the problem of modular input validation for web applications as a countermeasure to several kinds of code injection attacks. The solution relies on annotations that enrich the metadata concerning the application's input parameters. This information is then used to automatically insert validation code into the target application, using aspect-oriented programming. Our approach makes it possible to mitigate risks and to keep security functionality separate from the application logic. © 2014 Springer-Verlag Berlin Heidelberg.
Serme, G., Scholte, T., & De Oliveira, A. S. (2014). Enforcing input validation through aspect oriented programming. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8247 LNCS, pp. 316–332). Springer Verlag. https://doi.org/10.1007/978-3-642-54568-9_20