SAFEWEB: A Middleware for Securing Ruby-Based Web Applications
Web applications in many domains, such as healthcare and finance, must process sensitive data while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee that these web applications only ever release sensitive data to authorised users without costly, recurring security audits. The authors' solution is to provide a trusted middleware that acts as a "safety net" for event-based enterprise web applications by preventing harmful data disclosure before it happens.