ISSN : 1796-217X
Volume : 2    Issue : 6    Date : December 2007

Using Aspect Programming to Secure Web Applications
Gabriel Hermosillo, Roberto Gomez, Lionel Seinturier, and Laurence Duchien
Page(s): 53-63
As the number of Internet users increases, the need to protect web servers from malicious users has
become a priority in many organizations and companies. Writing crosscutting functions in complex
software should take advantage of the modularity offered by new software development approaches.
With Aspect-Oriented Programming (AOP), separating concerns when designing an application fosters
reuse, parameterization and maintenance. In this paper, we design a security aspect called
AProSec for detecting SQL injection and Cross-Site Scripting (XSS), which are common attacks on web
servers. We experimented with this aspect using the AspectJ language and JBoss AOP. Through this
experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing
security policies at runtime. Finally, we describe related work on security and AOP.

Index Terms
Aspect-oriented programming, security, SQL injection, cross-site scripting, design of web
applications, reuse of aspect, dynamic weaving.