SPECTRE: A Tool for Inferring, Specifying and Enforcing Web-Security Policies

Implementing web-applications securely is a laborious and error-prone task; as a result a large number of (professionally designed ) websites suffer from serious application-level security vulnerabilities. In t his paper we describe SPEC- TRE, a tool which helps to secure dynamic web-applications. As well as aiding in the development process of new applications SPECTRE can also be used to fix vulnerabilities in existing web-based components, even when the source of these components is not available.