ABSTRACT

AOP provides a promising paradigm for abstracting and managing crosscutting concerns such as security. In section 2 we discuss fixing vulnerabilities via AOP. For the increasingly common Cross Site Request Forgery (CSRF) attack [1] on web-based applications, we present a general lightweight solution via AOP. Further, as discussed in section 3, we are interested in integrating and designing these solution modules together with other concerns, such as monitoring, testing, and honeypots, into an AOP-based framework that enhances different aspects of web-application-level security and can be applied to existing web applications without modifying them or interfering with their behaviour. A prototype integrating the above CSRF protection and web application honeypots is presented. In the framework, by applying different policies and exposing different decoy counterparts of the real application depending on the actions attackers take, information such as attack vectors can be gathered.
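As an added illustration of the weaving the abstract describes (this is example code written for this page, not the paper's prototype, and it is in Python rather than the AspectJ-style weaving AOP web-security work typically uses): a synchronizer-token CSRF check is wrapped around a handler as around-advice, the original handler stays unaware of it, and a policy decides whether a failed check is rejected or diverted to a honeypot counterpart while the submitted form is recorded as the attack vector. The `Request` model, the handler names, the `reject`/`decoy` policy names and the sample requests are all assumptions constructed for the example.

```python
import functools
import hmac
import secrets
from dataclasses import dataclass, field

# Safe methods are exempt from the token check; the application must therefore
# never change state on GET, or that state change stays CSRF-able.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Request:
    """Minimal request model, constructed for this example."""
    method: str
    path: str
    session: dict
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token: one secret per session, kept server-side and embedded in forms."""
    if "csrf" not in session:
        session["csrf"] = secrets.token_hex(32)
    return session["csrf"]


def csrf_valid(request: Request) -> bool:
    """True if the request is a safe method or carries the session's token."""
    if request.method in SAFE_METHODS:
        return True
    expected = request.session.get("csrf")
    presented = request.form.get("csrf_token") or request.headers.get("X-CSRF-Token")
    if not isinstance(expected, str) or not isinstance(presented, str):
        return False
    return hmac.compare_digest(expected, presented)  # constant-time comparison


class SecurityAspect:
    """Weaves CSRF checking and monitoring around handlers.

    policy="reject": answer a failed check with HTTP 403.
    policy="decoy":  serve the honeypot counterpart registered for the path
                     (looks like success, changes no state) and record the request.
    """

    def __init__(self, policy="reject", decoys=None):
        self.policy = policy
        self.decoys = decoys or {}
        self.events = []  # monitoring concern: one record per rejected request

    def csrf_guard(self, handler):
        @functools.wraps(handler)
        def around(request: Request):
            if csrf_valid(request):
                return handler(request)  # proceed to the real application
            self.events.append({"kind": "csrf", "method": request.method,
                                "path": request.path, "form": dict(request.form)})
            if self.policy == "decoy" and request.path in self.decoys:
                return self.decoys[request.path](request)
            return 403, "missing or invalid CSRF token"
        return around


# Original application code, written without any knowledge of the aspect.
def transfer(request: Request):
    return 200, f"transferred {request.form.get('amount')} to {request.form.get('to')}"


def fake_transfer(request: Request):
    """Honeypot counterpart of transfer(): same visible outcome, no state change."""
    return 200, "transferred"


def demo(policy="reject"):
    """Run one legitimate and one forged POST through the woven handler."""
    aspect = SecurityAspect(policy, decoys={"/transfer": fake_transfer})
    guarded = aspect.csrf_guard(transfer)
    session = {}
    token = issue_csrf_token(session)
    legit = Request("POST", "/transfer", session,
                    {"csrf_token": token, "amount": "10", "to": "bob"})
    # A cross-site form post cannot read the victim's token, so it arrives without one.
    forged = Request("POST", "/transfer", session, {"amount": "9999", "to": "mallory"})
    return guarded(legit), guarded(forged), aspect.events


if __name__ == "__main__":
    for policy in ("reject", "decoy"):
        print(policy, demo(policy))
```

The check is deliberately narrow: it only covers non-safe methods, so a GET that changes state remains exploitable, and a decoy response is only safe if the counterpart really performs no side effect on the real application.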