Using aspect-oriented programming to secure the broken authentication and session management on web application

Other Title(s)

Using aspect-oriented programming to enhance and improve session management security in web applications

Dissertant

Mahjub, Sandrilla Ibrahim Kamil

Thesis advisor

al-Ghul, Said

University

Philadelphia University

Faculty

Faculty of Information Technology

Department

Department of Computer Science

University Country

Jordan

Degree

Master

Degree Date

2009

English Abstract

Web applications are becoming more popular every day.

Many web applications have made life easier.

We have webmail, online retail sales, online bills payment, flights check-in and status, wikis, multiplayer online role-playing games, and many others.

With this growth in web application usage, security has become one of the most critical aspects: no one can use or trust such an application without a guarantee of security.

The concerns of a web application include the business concern, which takes the principal view, and other concerns such as security, logging, tracing and performance; all of these take a lower level of importance in the design of a web application.

The Aspect-Oriented Programming (AOP) paradigm focuses on the identification, specification and representation of crosscutting concerns and their modularization into separate functional units, giving more than one concern a higher level of importance.

In this thesis, we applied the Aspect-Oriented Programming approach to enhance the security of web applications.

We did this by solving a specific security problem: the interception of the client-server connection by a third party, who steals the session Id after a successful login and then uses the stolen session Id to obtain, for an illegitimate user, seemingly legal access to the server's responses.

The Aspect-Oriented Programming approach has already been the subject of several related efforts, which addressed Structured Query Language (SQL) injection and Cross-Site Scripting (XSS).

These two problems, together with the stolen session Id problem as a third, are among the top ten web application security problems.

However, the stolen session Id problem had not previously been solved using the Aspect-Oriented Programming approach.

In the thesis we applied the Aspect-Oriented Programming paradigm, which introduces ideas such as aspects, join point models, pointcuts and advice, to solve a security problem of web applications.

The basic advice applied to solve the problem of a session Id stolen by a third party to access the server response as the real user is to make the server distinguish the origin of each request for a specific location by using the remote address.

As a result, we obtain more secure web applications by binding the user request to its remote address through an AOP advice.

As an AOP concern, the security code is clearly separated from the other concerns, making it centralized for maintenance.

Also as a result, we have a security API applicable to legacy web applications.

Main Subjects

Mathematics

Topics

No. of Pages

49

Table of Contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Literature review.

Chapter Three : An aspect-oriented methodology.

Chapter Four : Evaluation and conclusion.

References.

American Psychological Association (APA)

Mahjub, Sandrilla Ibrahim Kamil. (2009). Using aspect-oriented programming to secure the broken authentication and session management on web application. (Master's thesis). Philadelphia University, Jordan.
https://search.emarefa.net/detail/BIM-548976

Modern Language Association (MLA)

Mahjub, Sandrilla Ibrahim Kamil. Using aspect-oriented programming to secure the broken authentication and session management on web application. (Master's thesis). Philadelphia University, 2009.
https://search.emarefa.net/detail/BIM-548976

American Medical Association (AMA)

Mahjub, Sandrilla Ibrahim Kamil. (2009). Using aspect-oriented programming to secure the broken authentication and session management on web application. (Master's thesis). Philadelphia University, Jordan.
https://search.emarefa.net/detail/BIM-548976

Language

English

Data Type

Arab Theses

Record ID

BIM-548976