Towards Security by Construction for Web 2.0 Applications

While security experts routinely bemoan the current state of the art in software security, from the standpoint of the application developer, application security requirements present yet another hurdle to overcome. Given the pressure for extra functionality, “lesser” concerns such as performance and security often do not get the time they deserve. While it is common to blame this on developer education, a big part of the problem is that it is extremely easy to write unsecure code. In this paper, we examine some opportunities for better security presented by popular software construction frameworks such as the Dojo Toolkit.