Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development. While several others have tied AOP to security [2][3], I aspire to raise awareness amongst my information security colleagues that AOP can have a substantially beneficial impact on application security. I'm convinced that, if more of us understand it, we'll be in a better place to work with developers to create secure applications and perhaps, more importantly add security into existing insecure applications.
Expand all |
Post comment
AOP can be used also without the unnecessary overhead of additional language extensions.
With the use of "pointcutting" architectural building blocks such as CORBA interceptors (Schmidt et al.) and servlet filters JEE can be secured without the use of additional (and from a security standpoint unpredictable) AOP libraries.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1895/996#996