Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2006
ACM
2006
ACM
Bridging the gap between web application firewalls and web applications
Web applications are the Achilles heel of our current ICT infrastructure. NIST's national vulnerability database clearly shows that the percentage of vulnerabilities located in the application layer increases steadily. Web Application Firewalls (WAFs) play an important role in preventing exploitation of vulnerabilities in web applications. However, WAFs are very pragmatic and ad hoc, and it is very hard to state precisely what security guarantees they offer. The main contribution of this paper is that it shows how, through a combination of static and dynamic verification, WAFs can formally guarantee the absence of certain kinds of erroneous behaviour in web applications. We have done a prototype implementation of our approach building on an existing static verification tool for Java, and we have applied our approach to a medium-sized J2EE based web application. Categories and Subject Descriptors D.2.4 [Software Engineering]: Software/Program Verification; F.3.1 [Logics and Meanin...
Real-time TrafficRelated Content
| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2006 |
| Where | CCS |
| Authors | Lieven Desmet, Frank Piessens, Wouter Joosen, Pierre Verbaeten |
Comments (0)
Researcher Info
|
