@inproceedings{9c4dda17eefc4fc4991caaac4223fcba,
title = "Securing web applications with better 'Patches': An architectural approach for systematic input validation with security patterns",
abstract = "Some of the most rampant problems in software security originate from improper input validation. This is partly due to ad hoc approaches taken by software developers when dealing with user inputs. Therefore, it is a crucial research question in software security to ask how to effectively apply well-known input validation and sanitization techniques against security attacks exploiting the user input-related weaknesses found in software. This paper examines the current ways of how input validation is conducted in major open-source projects and attempts to confirm the main source of the problem as these ad hoc responses to the input validation-related attacks such as SQL injection and cross-site scripting (XSS) attacks through a case study. In addition, we propose a more systematic software security approach by promoting the adoption of proactive, architectural design-based solutions to move away from the current practice of chronic vulnerability-centric and reactive approaches.",
author = "Sohn, {Jung Woo} and Jungwoo Ryoo",
note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 10th International Conference on Availability, Reliability and Security, ARES 2015 ; Conference date: 24-08-2015 Through 27-08-2015",
year = "2015",
month = oct,
day = "16",
doi = "10.1109/ARES.2015.106",
language = "English (US)",
series = "Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "486--492",
booktitle = "Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015",
address = "United States",
}