Reducing Web Application Programming Interface Vulnerabilities through a Functional Programming Artifact

作     者：Piscatello, Michael 

作者单位：Colorado Technical University 

学位级别：D.C.S., Doctor of Computer Science

导师姓名：Jenkins, Chris

授予年度：2022年

页      码：164页

主      题：Functional programming Injection vulnerabilities Software design Web security 

摘      要：Web application programming interfaces (APIs) security breaches frequently involve exploiting injection vulnerabilities introduced by weaknesses in the coding style, and software engineers commonly lack the expertise and experience in the implementation of the functional programming principles of immutability, the use of pure functions, and the reduction of side effects to prevent vulnerabilities in their code. This Design Science Research (DSR) study explores the changes web application developers can implement following the functional programming principles of immutability, the use of pure functions, and the reduction of side effects to reduce the presence of injection vulnerabilities in web application APIs. The research design and method for this study followed the General Design Cycle (GDC) and established DSR patterns to develop a solution to a real-world problem and make a knowledge contribution in the form of adaptation by making novel use of existing knowledge in a new way. The artifact resulting from this study, design principles, supports the nascent design theory that applying the functional programming principles of pure functions, immutability, and removing side effects can remove injection vulnerabilities from web application APIs. When applied to the sample, an intentionally vulnerable web application, the design principles demonstrated effectiveness through established DSR evaluation methods to remove injection vulnerabilities from web application APIs. This study contributes to the practice of software development by giving web application developers a new way to secure their APIs.