You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Programming Languages

Programming Languages White Papers

Enforcing Code Security in Database Web Applications Using Libraries and Object Models

Tags:
programming languages

Overview Libraries are commonly though as toolboxes offering reusable components and algorithms. This paper shows that a properly designed library can also be used to enforce security, and hence to help in the creation of robust and secure applications. As an illustration, database web applications are chosen, because they are the kind of applications that suffers from the highest amount of vulnerabilities. SQL injection or Cross Site Scripting are common examples. How a library can be designed in such a way to completely mitigate these vulnerabilities is presented. Also show how a properly designed library does not only allow a programmer to write secure code, but can also make vulnerable code impossible to write is presented.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	October 2007
Format	White Papers
Topics	Programming Languages, Security Management, Application Development

Did you find this white paper useful? 1 out of 2 users found this white paper useful

Citizants: Bringing IT In-House

Citizant enhances IT flexibility and scalability by creating a virtualized Dell infrastructure that will pay for itself in 18 months.

Publisher:
Dell EqualLogic

Tags:
application servers

Designing High Availability for Internet Information Services

End downtime forever! - Organizations today are relying more and more on Web services for the implementation of mission-critical applications. With the advent of Service-Oriented Architectures (SOAs),which make extensive use...

Publisher:
CA XOsoft

Tags:
servers

Five JavaScript Frameworks: A Point-by-Point Comparison

There are a multitude of JavaScript frameworks available today for programming rich client-side interactions in web applications. With many such different options, it is important to choose a framework that...

Publisher:
Harbinger Systems

Tags:
java

Increase Reliability with IBM WebSphere File Transfer Edition (FTE)

"Does your organization still use FTP software? Did you know these links require 3 to 4 times more time and effort to build and maintain versus SOA-based Application Integration projects?...

Publisher:
IBM

Tags:
application servers

Energy Monitoring Firm Saves Money, Scales Business With Hosted Computing Platform

Advanced Telemetry develops systems to help businesses monitor and control energy usage, onsite or via the Internet. The company employees 22 people. Advanced Telemetry needed a cost-effective way to scale...

Publisher:
Microsoft

Tags:
programming languages

Microsoft's latest flaws include 'critical' warning

The most serious of the flaws involves DirectX, a library of graphics and multimedia programming instructions used by most PC games, and could allow malicious users to run code of their choice on a vulnerable PC.

Channel:
Servers

Yet another Microsoft security flaw?

Unlike an email-based worm, Blaster was a network-based worm that spread by automatically exploiting vulnerabilities on vulnerable systems. SecurityFocus have published workaround information that can be used to mitigate the bug until more...

Channel:
SME Director

Hackers preying on patching headache

A technique known as SQL injection is also a problem that leaves many companies exposed, according to dryice - who also now works in the IT industry. Be it heap/buffer/integer overflow, these probably make up over 90 per cent of new exploits...

Don't cut corners when outsourcing

Success is achieved by the most experienced outsourcers - those outsourcing at least three-quarters of their application development needs - because of the rigour with which they define controls upfront in the outsourcing contract and enforce...

'Hack your own Oracle database' tool unveiled next week

We've created your version and SID enumeration modules, account brute-forcing modules, ported all the public (and not so public) Oracle SQL Injection vulnerabilities into SQLI modules (with IDS evasion examples for 10g/11g), modules for OS...

Microsoft releases emergency patch to plug critical ActiveX hole

Cisco will release free software updates for any of its software that is affected by the vulnerability and is making available workarounds that mitigate the issue, the company said in a detailed advisory.

Featured White Papers

The Value of Location Intelligence in the Communications Industry

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities and government departments make more informed decisions and derive greater value from current location-based information and data. Read this whitepaper to see how you can take advantage of location intelligence.

Publisher:
Pitney Bowes

Best Practices for Translating Customer Satisfaction into Revenue

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language. How do you quantify customer satisfaction? Download the Best Practices for Benchmarking Customer Satisfaction to get industry research the Association of Support Professionals (ASP) on how to measure and leverage customer satisfaction.

Publisher:
Citrix Online

HP print solutions and 3M

the objective for 3M was to optimize office printing infrastructure at 3Mlocations worldwide Reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print soultions, More than $3 million in savings in first two years and Per page costs reduced by up to 90 percent.