Web applications are generally more exposed to untrusted user content than
traditional applications. As a result, web applications face a variety of new and
unique threats, especially content injection. One method for preventing
these types of attacks is web application security policies. These policies
specify the expected behavior or structure of the web application. This work has
three goals. The first is to understand how security policies and the systems
that enforce them are currently applied to web applications. The second is to
extract security policies from web applications, focusing on how sanitizers are
applied to web application content. The third is to advance the mechanisms used
to apply security policies to web applications. Together, these three areas will
advance the state of the art in understanding and building web application
security policies and provide a foundation for future work in securing web
applications.