PAPER DIGEST
Most Influential WWW 2002 Paper · 2026-03 edition

Abstracting Application-level Web Security

David Scott; Richard Sharp

Venue
ACM Web Conference (WWW) 2002
Recognition
Most Influential WWW 2002 Paper (Rank No. 10)
Edition
2026-03
Impact factor
7
Certificate ID
ca04bdbef11d3a11

Abstract

Application-level web security refers to vulnerabilities inherent in the code of a web-application itself (irrespective of the technologies in which it is implemented or the security of the web-server/back-end database on which it is built). In the last few months application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping goods for no charge, user-names and passwords have been harvested and confidential information (such as addresses and credit-card numbers) has been leaked. In this paper we investigate new tools and techniques which address the problem of application-level web security. We (i) describe a scalable structuring mechanism facilitating the abstraction of security policies from large web-applications developed in heterogeneous multi-platform environments; (ii) present a tool which assists programmers in developing secure applications which are resilient to a wide range of common attacks; and (iii) report results and experience arising from our implementation of these techniques.
