Securing web applications with better 'Patches': An architectural approach for systematic input validation with security patterns

Jung Woo Sohn, Jungwoo Ryoo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Some of the most rampant problems in software security originate from improper input validation. This is partly due to ad hoc approaches taken by software developers when dealing with user inputs. Therefore, it is a crucial research question in software security to ask how to effectively apply well-known input validation and sanitization techniques against security attacks exploiting the user input-related weaknesses found in software. This paper examines the current ways of how input validation is conducted in major open-source projects and attempts to confirm the main source of the problem as these ad hoc responses to the input validation-related attacks such as SQL injection and cross-site scripting (XSS) attacks through a case study. In addition, we propose a more systematic software security approach by promoting the adoption of proactive, architectural design-based solutions to move away from the current practice of chronic vulnerability-centric and reactive approaches.

Original languageEnglish (US)
Title of host publicationProceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages486-492
Number of pages7
ISBN (Electronic)9781467365901
DOIs
StatePublished - Oct 16 2015
Event10th International Conference on Availability, Reliability and Security, ARES 2015 - Toulouse, France
Duration: Aug 24 2015Aug 27 2015

Publication series

NameProceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015

Other

Other10th International Conference on Availability, Reliability and Security, ARES 2015
CountryFrance
CityToulouse
Period8/24/158/27/15

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Securing web applications with better 'Patches': An architectural approach for systematic input validation with security patterns'. Together they form a unique fingerprint.

  • Cite this

    Sohn, J. W., & Ryoo, J. (2015). Securing web applications with better 'Patches': An architectural approach for systematic input validation with security patterns. In Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015 (pp. 486-492). [7299956] (Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ARES.2015.106