Posted on 2018-11-27, 00:00, authored by Pietro Di Marco
This thesis focuses on protecting legacy Web Applications against information leakage and on defending them against well-known attacks such as some forms of SQL Injection. Many legacy Web Applications are unsafe because security protection techniques such as input sanitization, quote saving and bound parameters were not implemented when they were created. This work proposes a solution to this problem that requires minimal modification to the Web Application and no modification to the database, since it works between these two entities in an almost independent fashion. In particular, the solution is a wrapper implemented in Java that intercepts the queries issued by the Web Application and modifies them according to the policies defined by the DBA. This thesis aims both to maximize the protection of legacy web applications and to minimize the performance overhead introduced by the wrapper.
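As an added illustration of the wrapper architecture the abstract describes (example code, not the thesis's own implementation), the following Java sketch shows a hypothetical `QueryPolicyWrapper` that sits between the application and the database: it takes a DBA-defined policy (assumed format: table name to the columns the application may read), rewrites `SELECT *` so that columns outside the policy never leave the database, and rejects queries carrying a tautology in the predicate.

```java
import java.util.*;
import java.util.regex.*;

// Hypothetical policy-driven query wrapper (added example, not from the thesis).
// Policy format is an assumption: table name -> columns the web app is allowed to read.
public class QueryPolicyWrapper {
    private final Map<String, List<String>> allowedColumns;

    public QueryPolicyWrapper(Map<String, List<String>> allowedColumns) {
        this.allowedColumns = allowedColumns;
    }

    // Matches "SELECT * FROM <table> ..." so the wildcard can be narrowed to the policy's columns.
    private static final Pattern SELECT_STAR =
        Pattern.compile("(?i)^\\s*select\\s+\\*\\s+from\\s+(\\w+)(.*)$", Pattern.DOTALL);
    // Matches "OR x=x" / "OR 'x'='x'" style tautologies; group 1 captures the optional quote.
    private static final Pattern TAUTOLOGY =
        Pattern.compile("(?i)\\bor\\s+('?)(\\w+)\\1\\s*=\\s*\\1\\2\\1");

    /** Returns the query the wrapper forwards to the DB, or throws when the policy forbids it. */
    public String rewrite(String sql) {
        if (TAUTOLOGY.matcher(sql).find()) {
            throw new SecurityException("rejected: tautology in predicate");
        }
        Matcher m = SELECT_STAR.matcher(sql);
        if (m.matches()) {
            String table = m.group(1).toLowerCase();
            List<String> cols = allowedColumns.get(table);
            if (cols == null) {
                throw new SecurityException("rejected: no policy for table " + table);
            }
            // Replace the wildcard with the DBA-approved column list; other columns stay in the DB.
            return "SELECT " + String.join(", ", cols) + " FROM " + m.group(1) + m.group(2);
        }
        return sql;  // No rewrite rule applies; forward unchanged.
    }

    public static void main(String[] args) {
        // Constructed sample policy: password_hash is deliberately absent from the readable columns.
        Map<String, List<String>> policy = new HashMap<>();
        policy.put("users", Arrays.asList("id", "username", "email"));
        QueryPolicyWrapper wrapper = new QueryPolicyWrapper(policy);
        System.out.println(wrapper.rewrite("SELECT * FROM users WHERE id = 42"));
        try {
            wrapper.rewrite("SELECT * FROM users WHERE name = '' OR '1'='1'");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

A production wrapper would hook the JDBC driver rather than a single method and would parse SQL properly instead of using regular expressions; the sketch only shows where policy enforcement sits relative to the application and the database.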