Abstracting application-level web security

11 years 3 months ago
Abstracting application-level web security
ing Application-Level Web Security David Scott Laboratory For Communications Engineering Engineering Department Trumpington Street Cambridge CB2 1PZ Richard Sharp Computer Laboratory William Gates Building JJ Thompson Avenue Cambridge CB3 0FD Application-level web security refers to vulnerabilities inherent in the code of a web-application itself (irrespective of the technologies in which it is implemented or the security of the web-server/back-end database on which it is built). In the last few months application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping goods for no charge, usernames and passwords have been harvested and confidential information (such as addresses and credit-card numbers) has been leaked. In this paper we investigate new tools and techniques which address the problem of application-level web security. We (i) describe a scalable structuring mechanism ...
David Scott, Richard Sharp
Added 22 Nov 2009
Updated 22 Nov 2009
Type Conference
Year 2002
Where WWW
Authors David Scott, Richard Sharp
Comments (0)