WAVES: Automatic Synthesis of Client-Side Validation Code for Web Applications
Source: University of Illinois
The current practice of web application development treats the client and server components of the application as two separate but interacting pieces of software. Each component is written independently, usually in distinct programming languages and development platforms - a process known to be prone to errors when the client and server share application logic. When the client and server are out of sync, an "Impedance mismatch" occurs, often leading to software vulnerabilities as demonstrated by recent work on parameter tampering. This paper outlines the groundwork for a new software development approach, WAVES, where developers author the server-side application logic and rely on tools to automatically synthesize the corresponding client-side application logic.