Title
Position paper: why are there so many vulnerabilities in web applications?
Abstract
As the Web has become more and more ubiquitous, the number of attacks on web applications has increased substantially. According to a recent report, over 80 percent of web applications have had at least one serious vulnerability. This percentage is alarmingly higher than that of traditional applications. Something must be fundamentally wrong in the web infrastructure. Based on our research, we have formulated the following position: when choosing the stateless framework for the Web, we ignored a number of security properties that are essential to applications. As a result, the Trusted Computing Base (TCB) of the Web has significant weaknesses. To build secure stateful applications on top of a weakened TCB, developers have to implement extra protection logic in their web applications, making development difficult and error-prone, and thereby causing a number of security problems in web applications. In this paper, we will present evidence, justification, and in-depth analysis to support this position.
Year
2011
DOI
10.1145/2073276.2073285
Venue
NSPW
Keywords
recent report, web infrastructure, position paper, security problem, extra protection logic, weakened tcb, following position, security property, web application, in-depth analysis, trusted computing base, web server, access control, web security
Field
Web development, Mashup, Internet privacy, World Wide Web, Web threat, Computer security, Computer science, Web standards, Web engineering, Web modeling, Web application security, Web service
DocType
Conference
Citations
1
PageRank
0.36
References
21
Authors
5
Name
Order
Citations
PageRank
wenliang du14906241.77
Karthick Jayaraman228213.84
Xi Tan37314.27
Tongbo Luo41389.21
Steve Chapin5451.86