The Impact of a Structured Application Development Framework on Web Application Security

Author:
Heather Richter Lipford, Jing Xie, Will Stranathan, Daniel Oakley, Bei-Tseng Chu
Date:
01 July 2010

Many security vulnerabilities are caused by flaws in the developed software. We investigate the hypothesis that using a structured software development framework reduces the flaws introduced by programmers, leading to more secure software. To test this hypothesis, we conducted an empirical study comparing applications developed using Struts I, a widely used framework for Java-based web applications, against applications written in JSP/Servlet. Our results suggest that a structured framework may reduce security vulnerability density, mainly as a result of using libraries that abstract away low-level API calls. Modular design, e.g., the MVC model, had only a modest impact.
