Towards Security By Construction For Web 2.0 Applications
- Benjamin Livshits ,
- Úlfar Erlingsson ,
- Ben Livshits
Workshop on Web 2.0 Security and Privacy (W2SP 2007) |
While security experts routinely bemoan the current state of
the art in software security, from the standpoint of the application
developer, application security requirements present yet
another hurdle to overcome. Given the pressure for extra functionality,
“lesser” concerns such as performance and security
often do not get the time they deserve. While it is common to
blame this on developer education, a big part of the problem is
that it is extremely easy to write unsecure code.