The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - Feb. (2012 vol.45)
pp: 66-72
Nuno Antunes , University of Coimbra, Portugal
ABSTRACT
Although no single tool or technique can guard against the host of possible attacks, a defense-in-depth approach, with overlapping protections, can help secure Web applications.
INDEX TERMS
Code vulnerabilities, Cross-site scripting, Web applications, Secure coding practices, Vulnerability detection, Attack detection, SQL injection
CITATION
Nuno Antunes, "Defending against Web Application Vulnerabilities", Computer, vol.45, no. 2, pp. 66-72, Feb. 2012, doi:10.1109/MC.2011.259
REFERENCES
1. M. Howard and D.E. Leblanc, Writing Secure Code, Microsoft Press, 2002.
2. C. Ghezzi, M. Jazayeri, and D. Mandrioli, Fundamentals of Software Engineering, Prentice Hall, 2002.
3. G. McGraw, Software Security: Building Security In, Addison-Wesley, 2006.
4. D. Stuttard and M. Pinto, The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, John Wiley & Sons, 2007.
5. B. Arkin, S. Stender, and G. McGraw, "Software Penetration Testing," IEEE Security & Privacy, Jan.-Feb. 2005, pp. 84-87.
6. D.P. Freedman and G.M. Weinberg, Handbook of Walkthroughs, Inspections, and Technical Reviews: Evaluating Programs, Projects, and Products, Dorset House, 2000.
7. N. Ayewah and W. Pugh, "A Report on a Survey and Study of Static Analysis Users," Proc. Workshop Defects in Large Software Systems (DEFECTS 08) ACM, 2008, pp. 1-5.
8. N. Antunes and M. Vieira, "Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services," Proc. 15th IEEE Pacific Rim Int'l Symp. Dependable Computing (PRDC 09), IEEE CS, 2009, pp. 301-306.
9. E. Biermann, E. Cloete, and L.M. Venter, "A Comparison of Intrusion Detection Systems," Computers & Security, Dec. 2001, pp. 676-683.
10. I.A. Elia, J. Fonseca, and M. Vieira, "Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study," Proc. 21st IEEE Int'l Symp. Software Reliability Eng. (ISSRE 10), IEEE CS, 2010, pp. 289-298.
11. N. Antunes and M. Vieira, "Enhancing Penetration Testing with Attack Signatures and Interface Monitoring for the Detection of Injection Vulnerabilities in Web Services," Proc. IEEE Int'l Conf. Services Computing (SCC 11), IEEE CS, 2011, pp. 104-111.
12. W.G.J. Halfond and A. Orso, "Preventing SQL Injection Attacks Using AMNESIA," Proc. 28th Int'l Conf. Software Eng. (ICSE 06), IEEE CS, 2006, p. 798.
13. M. Howard and S. Lipner, The Security Development Lifecycle, Microsoft Press, 2006.
22 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool