Automated code injection prevention for web applications
THEORY OF SECURITY AND APPLICATIONS (2012)
Abstract
We propose a new technique based on multitier compilation for preventing code injection in web applications. It consists in adding an extra stage to the client code generator which compares the dynamically generated code with the specification obtained from the syntax of the source program. No intervention from the programmer is needed. No plugin or modification of the web browser is required. The soundness and validity of the approach are proved formally by showing that the client compiler can be fully abstract. The practical interest of the approach is proved by showing the actual implementation in the Hop environment.
Keywords
automated code injection prevention, extra stage, code injection, multitier compilation, hop environment, client code generator, web browser, web application, client compiler, actual implementation, new technique