Developers and users require some degree of assurance in their applications' security vulnerabilities. The authors have designed a prototype tool, Jslint, to help programmers automatically use existing security kn...
详细信息
Developers and users require some degree of assurance in their applications' security vulnerabilities. The authors have designed a prototype tool, Jslint, to help programmers automatically use existing security knowledge.
Spring security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spr...
详细信息
ISBN:
(数字)9781728183886
ISBN:
(纸本)9781728183886
Spring security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spring security, which is relatively understudied in the existing literature. Towards that goal, we identify 6 types of security anti-patterns and 4 insecure vulnerable defaults by conducting a measurement-based approach on 28 Spring applications. Our analysis shows that security risks associated with the identified security anti-patterns and insecure defaults can leave the enterprise application vulnerable to a wide range of high-risk attacks. To prevent these high-risk attacks, we also provide recommendations for practitioners. Consequently, our study has contributed one update to the official Spring security documentation while other security issues identified in this study are being considered for future major releases by Spring security community.
暂无评论