Annual Computer Security Applications Conference 2011 Technical Track Papers


ASIDE: IDE Support for Web Application Security

Many of today’s application security vulnerabilities are introduced by software developers writing insecure code. This may be due to a lack of understanding of secure programming practices, developers’ lapses of attention to security, or both. Much work on software security has focused on detecting software vulnerabilities through automated analysis techniques. While these techniques are effective, we believe they are not sufficient. We propose to increase developer awareness and promote the practice of secure programming by interactively reminding programmers of secure programming practices inside Integrated Development Environments (IDEs). We have implemented a proof-of-concept plugin for Eclipse and Java. Initial evaluation results show that this approach can detect and address common web application vulnerabilities and can serve as an effective aid for programmers. Our approach can also effectively complement existing software security best practices and significantly increase developer productivity.

Author(s):

Jing Xie    
University of North Carolina at Charlotte
United States

Bill Chu    
University of North Carolina at Charlotte
United States

Heather Richter Lipford    
University of North Carolina at Charlotte
United States

John T. Melton    
University of North Carolina at Charlotte
United States

 
