Coding Practices and Recommendations of Spring Security for Enterprise Applications

@article{Islam2020CodingPA,
  title={Coding Practices and Recommendations of Spring Security for Enterprise Applications},
  author={Mazharul Islam and S. Rahaman and N. Meng and Behnaz Hassanshahi and P. Krishnan and Danfeng Yao},
  journal={2020 IEEE Secure Development (SecDev)},
  year={2020},
  pages={49-57}
}
  • Mazharul Islam, S. Rahaman, +3 authors Danfeng Yao
  • Published 2020
  • Computer Science
  • 2020 IEEE Secure Development (SecDev)
  • Spring Security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spring Security, which is relatively understudied in the existing literature. Towards that goal, we identify 6 types of security anti-patterns and 4 insecure vulnerable defaults by conducting a measurement-based approach on 28 Spring applications. Our analysis shows that security…