
Web Application Security—Past, Present, and Future

  • Yao-Wen Huang
  • D. T. Lee

Abstract

Web application security remains a major roadblock to universal acceptance of the Web for many kinds of online transactions, especially since the recent sharp increase in remotely exploitable vulnerabilities has been attributed to Web application bugs. In software engineering, software testing is an established and well-researched process for improving software quality. Recently, formal verification tools have also shown success in discovering vulnerabilities in C programs. In this chapter we discuss how to apply software testing and verification algorithms to Web applications and improve their security attributes. Two of the most common Web application vulnerabilities known to date are script injection, e.g., SQL injection, and cross-site scripting (XSS). We formalize these vulnerabilities as problems of information flow security, a conventional topic in security research: in both cases, untrusted user input reaches a sensitive operation (a database query, HTML output) without passing through a sanitizing routine. Using this formalization, we then present two tools, WAVES (Web Application Vulnerability and Error Scanner) and Web-SSARI (Web Application Security via Static Analysis and Runtime Inspection), which apply software testing and software verification, respectively, to script injection and XSS in particular and to Web application security in general. Finally we present results obtained by applying these tools to real-world Web applications in use today, and give some suggestions about future research directions in this area.
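The information-flow formalization sketched above can be made concrete with a small taint-lattice analysis. The following is an added illustration written for this page; it is not code from WAVES or Web-SSARI and does not reproduce their algorithms. It uses a two-point integrity lattice (UNTAINTED below TAINTED), a constructed toy intermediate representation instead of real PHP, and hypothetical function names (`get_param`, `escape_sql`, `sql_query`, and so on) standing in for input sources, sanitizers and sensitive sinks. Sanitizers are trusted to be correct, and conditions of `if` statements are not tracked, so implicit flows through control dependence are not caught; the join after a branch does, however, catch the common mistake of sanitizing on only one path.

```python
# Added illustration, not code from WAVES or Web-SSARI: a minimal
# two-point taint lattice analysis over a constructed toy IR.

UNTAINTED, TAINTED = 0, 1  # integrity lattice: UNTAINTED below TAINTED

# Hypothetical function names standing in for input sources, sanitizers
# and sensitive sinks; a real tool derives these from the language's API.
SOURCES = {"get_param", "read_cookie"}
SANITIZERS = {"escape_sql", "escape_html"}
SINKS = {"sql_query", "echo_html"}


def taint_of(expr, env):
    """Taint label of an expression under variable environment `env`."""
    kind = expr[0]
    if kind == "const":
        return UNTAINTED
    if kind == "var":
        # A variable with no known assignment is conservatively tainted.
        return env.get(expr[1], TAINTED)
    if kind == "concat":
        return max(taint_of(e, env) for e in expr[1:])
    if kind == "call":
        fname, args = expr[1], expr[2]
        if fname in SOURCES:
            return TAINTED
        if fname in SANITIZERS:
            return UNTAINTED
        # Unknown functions propagate the join of their arguments' labels.
        return max((taint_of(a, env) for a in args), default=UNTAINTED)
    raise ValueError(f"unknown expression kind {kind!r}")


def analyze(block, env, violations):
    """Walk a block of statements and return the environment at its end.
    Sink calls whose arguments carry TAINTED data are appended to
    `violations`. Conditions of `if` are not tracked (no implicit flows)."""
    env = dict(env)
    for stmt in block:
        kind = stmt[0]
        if kind == "assign":
            _, dst, expr = stmt
            env[dst] = taint_of(expr, env)
        elif kind == "call":
            _, fname, args = stmt
            if fname in SINKS and any(taint_of(a, env) == TAINTED for a in args):
                violations.append(f"tainted data reaches sink {fname}")
        elif kind == "if":
            _, _cond, then_block, else_block = stmt
            env_then = analyze(then_block, env, violations)
            env_else = analyze(else_block, env, violations)
            # Join: untainted after the branch only if untainted on both
            # paths; a variable missing on one path counts as tainted.
            env = {v: max(env_then.get(v, TAINTED), env_else.get(v, TAINTED))
                   for v in set(env_then) | set(env_else)}
        else:
            raise ValueError(f"unknown statement kind {kind!r}")
    return env


def check(program):
    """Return the list of information-flow violations found in `program`."""
    violations = []
    analyze(program, {}, violations)
    return violations


# Constructed sample programs in the toy IR (not real PHP).
VULNERABLE = [
    ("assign", "name", ("call", "get_param", [("const", "name")])),
    ("assign", "q", ("concat", ("const", "SELECT * FROM users WHERE name='"),
                     ("var", "name"), ("const", "'"))),
    ("call", "sql_query", [("var", "q")]),                                   # SQL injection
    ("call", "echo_html", [("concat", ("const", "Hi "), ("var", "name"))]),  # XSS
]
HARDENED = [
    ("assign", "name", ("call", "get_param", [("const", "name")])),
    ("assign", "safe", ("call", "escape_sql", [("var", "name")])),
    ("assign", "q", ("concat", ("const", "SELECT * FROM users WHERE name='"),
                     ("var", "safe"), ("const", "'"))),
    ("call", "sql_query", [("var", "q")]),
    ("call", "echo_html", [("call", "escape_html", [("var", "name")])]),
]
# Sanitizing on only one path is not enough: the join after the `if`
# keeps `name` tainted on the way to the sink.
PARTIAL = [
    ("assign", "name", ("call", "get_param", [("const", "name")])),
    ("if", ("call", "is_admin", []),
        [("assign", "name", ("call", "escape_html", [("var", "name")]))],
        []),
    ("call", "echo_html", [("var", "name")]),
]

if __name__ == "__main__":
    for label, prog in (("vulnerable", VULNERABLE), ("hardened", HARDENED),
                        ("partial", PARTIAL)):
        print(label, check(prog))
```

Running the block reports two violations for the vulnerable program (one per sink), none for the hardened one, and one for the partially sanitized one. A static checker of this shape is only as good as its source, sanitizer and sink lists, and it says nothing about whether `escape_sql` actually neutralizes the input for the database in use; that gap is what runtime inspection of the sink is meant to cover.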

Keywords

Web application security; software testing; software verification



Copyright information

© Springer Science+Business Media, Inc. 2005

Authors and Affiliations

  • Yao-Wen Huang (1, 2)
  • D. T. Lee (1, 3)

  1. Institute of Information Science, Taipei, Taiwan
  2. Department of Electrical Engineering, National Taiwan University, Taiwan
  3. Department of Computer Science and Information Engineering, National Taiwan University, Taiwan
