Aspect-Oriented Programming and Security
Rohit Sethi

Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development. While several others have tied AOP to security [2][3], I aspire to raise awareness amongst my information security colleagues that AOP can have a substantially beneficial impact on application security. I'm convinced that, if more of us understand it, we'll be in a better place to work with developers to create secure applications and, perhaps more importantly, add security into existing insecure applications.

Starting up with Aspect-Oriented Programming 2007-10-16
Anonymous (2 replies)
Really great idea. Do you guys give private classes? If so, can you please let me know the link?

thanks...

Re: Starting up with Aspect-Oriented Programming 2007-10-17
Rohit Sethi
Yes, please contact me at rohit [a-t] securitycompass.com and I'll be happy to fill you in on details...

Re: Starting up with Aspect-Oriented Programming 2007-10-18
Rohit Sethi
Yes, please contact me at rohit [ a - t ] securitycompass.com and I'll be happy to let you know more details....

Starting up with Aspect-Oriented Programming 2007-10-16
Anonymous (1 replies)
Ya! Another term for an old technique! This is just templating and inheritance and _should_ be taught as part of OOP. Oh well, if it gets people interested in doing things the right way......

Re: Starting up with Aspect-Oriented Programming 2007-12-03
Angus Rg
Funny. I did learn it in an OOP class over a decade ago. I'm going to start my own "programming" method, just instead of calling it inheritance, I'm going to call it genetic traits....

Aspect-Oriented Programming and Security 2007-10-22
marcschoenefeld (1 replies)
Nice to see that good old concepts never die, instead the number of inventors grows :)

AOP can be used also without the unnecessary overhead of additional language extensions.

With the use of "pointcutting" architectural building blocks such as CORBA interceptors (Schmidt et al.) and servlet fi...

Re: Aspect-Oriented Programming and Security 2007-10-24
rksethi
It is true that many of the benefits of AOP can be built into a new design with simple OOP concepts. I've seen organizations implement their own "Interceptable" OO-style interface, and it can get quite bulky and hard to manage. Moreover, changing joinpoints is difficult and often ends up complicatin...

Security and VPN's 2007-11-26
Lex Dean
I have a software product I wish to develop in a Delphi environment.

The product requires a multitasking database supplied through a VPN to my software product of many users.

When I create a socket connection with my VPN server what sort of firewall action am I vulnerable to and how should I prot...

Aspect-Oriented Programming and Security 2008-01-25
Anonymous (1 replies)
XSS is an output encoding issue...

Re: Aspect-Oriented Programming and Security 2008-01-29
Anonymous
Yes - and output encoding can also be achieved through AOP....

Copyright 2009, SecurityFocus