Creating application security layer based on resource access decision service
Date
2008-01-01
Author
Metin, Mehmet Özer
Şener, Cevat
Göǧebakan, Yenal
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
Different solutions have been implemented for different security aspects (access control, application security) of enterprise web applications. However, combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this paper, we propose adding a new layer to n-tier web application architectures that uses resource access decision (RAD) service implementations to execute both enterprise and application security policies. The proposed architecture enables applications not only to benefit from the enterprise-level security policies provided by RAD, but also to implement "application-level" security based on RAD services to eliminate web application attacks, including but not limited to those based on cross-site scripting, SQL injection, forceful browsing, cookie poisoning, invalid input and, most importantly, session stealing. © 2008 Atilla Elçi.
URI
https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84893173590&origin=inward
https://hdl.handle.net/11511/92820
Conference Name
1st International Conference on Security of Information and Networks, SIN 2007
Collections
Department of Computer Engineering, Conference / Seminar
Citation (IEEE)
M. Ö. Metin, C. Şener, and Y. Göǧebakan, “Creating application security layer based on resource access decision service,” presented at the 1st International Conference on Security of Information and Networks, SIN 2007, Gazimagusa, Türkiye, 2008, Accessed: 00, 2021. [Online]. Available: https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84893173590&origin=inward.