• DocumentCode
    2416760
  • Title

    Secure Software Development through Coding Conventions and Frameworks

  • Author

    Okubo, Takao ; Tanaka, Hidehiko

  • Author_Institution
    Inst. of Inf. Security, Fujitsu Labs. Ltd., Kanagawa
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    1042
  • Lastpage
    1051
  • Abstract
    It is difficult to apply existing software development methods to security concerns. Using software for security testing purposes, in particular, is hard to do. The fact that there is a restriction on the implementation of software affects the ease with which security can be tested. In this paper we propose a decision process of coding conventions for security, mindful of testing security. Then, we apply our method to preventing injection attacks on Web application programs, and establish some coding conventions that can be used against injection attacks and cross site scripting. We also discuss security frameworks, which are also useful as conventions.
  • Keywords
    Internet; program testing; security of data; software engineering; Web application programs; coding conventions; cross site scripting; injection attacks; secure software development; security testing; Application software; Data security; IEC standards; ISO standards; Information security; Laboratories; Programming; Software engineering; Software testing; Unified modeling language
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.131
  • Filename
    4159907