Abstract :
This paper analyzes the most common security problems of Web applications, including parameter modification, cookie modification, directory traversal, impersonation access, and unauthorized access. Two XML-based languages ACPDL (Access Control Policy Description Language) and SPDL (Security Policy Description Language) are proposed to specify access control policies (including XML signature) and security policies (including XML encryption) for Web application security, respectively. A framework WALSG (Web application level security gateway) based on ACPDL and SPDL is presented to provide Web security, which can be used as a secure tool to define access control and security policies of a Web site. Some examples are given as a demonstration of applications of the proposal.
Keywords :
Web sites; XML; authorisation; cryptography; Access Control Policy Description Language; Security Policy Description Language; Web application level security gateway; Web security; Web site; XML encryption; XML signature; XML-based language; cookie modification; directory traversal; impersonation access; parameter modification; security policy; unauthorized access; Access control; Computer security; Cryptography; Libraries; Paper technology; Programmable logic arrays; Protection; Uniform resource locators; Web pages; XML;
