Quality Of Secured Web Applications

摘要

ABSTRACT: Adding security functions in existing Web application servers is now vital for the IS of companies and organizations. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With Aspect-Oriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AOPSec for detecting SQL injection and Cross Scripting Site (XSS) that are common attacks in web Servers This paper presents a brief description for the mostly used AOP approaches and analyzes them from a security point of view. AspectJ is then considered the most appropriate language to enforce security issues but at the same time it is not complete. This paper shows that some security crosscutting concerns need more means than those that are currently exist in AspectJ.