M. Azarmi, B. K. Bhargava, P. Angin, R. Ranchal, N. Ahmed et al., An end-to-end security auditing approach for service oriented architectures, SRDS, pp.279-284, 2012.

N. Ajam, F. Cuppens-boulahia, and . Cuppens, Privacy Administration in Distributed Service Infrastructure, SecureComm, pp.53-70, 2010.
DOI : 10.1109/TMC.2007.1062

A. Nationale-de-la, Sécurité des systèmes d'information. Centre d'expertise gouvernemental de réponse et de traitement des attaques informatiques, 2013.

P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter, Enterprise privacy authorization language (epal), 2003.

[. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, Implementing p3p using database technology, Data Engineering, 2003. Proceedings. 19th International Conference on, pp.595-606, 2003.

. Ama06 and . Amazon, Amazon Simple Storage Service REST Security Model, 2006.

M. Barhamgi, D. Benslimane, Y. Amghar, Nora Cuppens-Boulahia, and Frédéric Cuppens, Privcomp: a privacy-aware data service composition system, EDBT, pp.757-760, 2013.

J. Byun, E. Bertino, and N. Li, Purpose based access control of complex data for privacy protection, Proceedings of the tenth ACM symposium on Access control models and technologies, SACMAT '05, pp.102-110, 2005.
DOI : 10.1145/1063979.1063998

D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda et al., Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008 IEEE Symposium on Security and Privacy (sp 2008), pp.387-401, 2008.
DOI : 10.1109/SP.2008.22

A. M. Braga, R. Darab, and C. M. Rubira, A meta-object protocol for secure composition of security mechanisms, Workshop on Advanced Separation of Concerns, 2000.

N. Belblidia, An aspect oriented approach for security hardening : semantic foundations, 2008.

D. Booth, H. Haas, F. Mccabe, E. Newcomer, M. Champion et al., Web services architecture, pp.991-100, 2004.

D. Balzarotti and M. Monga, Using program slicing to analyze aspect oriented composition, FOAL: Foundations Of Aspect-Oriented Languages, pp.25-30, 2004.

[. Bussard, G. Neven, and F. Preiss, Matching privacy policies and preferences: Access control, obligations, authorisations, and downstream usage, Privacy and Identity Management for Life, pp.117-134, 2011.
DOI : 10.1007/978-3-642-20317-6_17

R. Bodkin, Enterprise security aspects

E. Bernard and S. Peterson, Jsr 303: Bean validation, bean validation expert group, 2009.

R. Ronan-alexandre-cherreau, J. Douence, M. Royer, A. Sudholt, Y. Santana-de-oliveira et al., Reference monitors for security and interoperability in oauth 2.0, 6th International Workshop on Autonomous and Spontaneous Security, 2013.

. Cer and . Cert, Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

A. Charfi and T. Darmstadt, Aspect-Oriented Workflow Languages, 2007.
DOI : 10.1007/11914853_12

URL : http://tuprints.ulb.tu-darmstadt.de/852/1/thesischarfifinal.pdf

S. Chen, The web application vulnerability scanner evaluation project -v1.2. https://code.google.com, 2012.

. Clo09 and . Cloud-security-alliance, Security guidance for critical areas of focus in cloud computing v2.1, 2009.

R. [. Christey and . Martin, Vulnerability type distributions in cve, 2007.

[. Chinnici, J. Moreau, A. Ryman, and S. Weerawarana, Web Services Description Language (WSDL) Version 2.0 Part 1: Core Language, p.3, 2007.

A. Simon-christensen, A. Moller, and M. I. Schwartzbach, Precise analysis of string expressions, Proc. 10th International Static Analysis Symposium, SAS'03, pp.1-18, 2003.

[. Cohen, W. Nutt, and A. Serebrenik, Rewriting aggregate queries using views, Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, PODS '99, pp.155-166, 1999.
DOI : 10.1145/303976.303992

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.4880

T. Cohen, AspectJ2EE = AOP + J2EE Towards an Aspect Based, Programmable and Extensible Middleware Framework, European Conference on Object-Oriented Programming, 2004.

T. Cohen, Applying Aspect-Oriented Software Development to Middleware Frameworks, 2007.

L. Chung and J. Leite, Conceptual modeling: Foundations and applications. chapter On Non-Functional Requirements in Software Engineering, Cra03] L.F. Cranor. P3p: making privacy policies more useful. Security Privacy, pp.363-37950, 2003.

D. Caromel and J. Vayssière, Reflections on MOPs, Components, and Java Security, Lecture Notes in Computer Science, vol.2072, pp.256-274, 2001.
DOI : 10.1007/3-540-45337-7_14

K. Chen and D. Wang, An Aspect-Oriented Approach to Privacy-Aware Access Control, 2007 International Conference on Machine Learning and Cybernetics, pp.3016-3021, 2007.
DOI : 10.1109/ICMLC.2007.4370665

W. Dai, Crypto++ 5.6.0 benchmarks, 2009.

[. Deeprasertkul, P. Bhattarakosol, and F. O. Brien, Automatic detection and correction of programming faults for software applications, Journal of Systems and Software, vol.78, issue.2, pp.101-110, 2005.
DOI : 10.1016/j.jss.2005.02.027

J. Dehlinger, Q. Feng, and L. Hu, SSVChecker, Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange, eclipse '06, pp.30-34, 2006.
DOI : 10.1145/1188835.1188842

. Dgm-+-10-]-r, H. Douence, I. Grall, and . Mejía, Survey and requirements analysis. Deliverable D1.1, The CESSA project, pp.1-1, 2010.

J. Dehlinger and N. Subramanian, Architecting secure software systems using an aspect-oriented approach: A survey of current research, 2006.

M. Dell-'amico, G. Serme, M. Sabir-idrees, A. Santana-de-oliveira, and Y. Roudier, Hipolds: A security policy language for distributed systems, Lecture Notes in Computer Science, vol.7322, pp.97-112, 2012.

M. Dell-'amico, G. Serme, M. Sabir-idrees, A. Santana-de-olivera, and Y. Roudier, Hipolds: A security policy language for distributed systems, Workshop in Information Security Theory and Practice, 2012.

M. Dell-'amico, G. Serme, M. Sabir-idrees, A. Santana-de-oliveira, and Y. Roudier, HiPoLDS: A Hierarchical Security Policy Language for Distributed Systems, Information Security Technical Report, vol.17, issue.3, pp.81-92, 2013.
DOI : 10.1016/j.istr.2012.10.002

. Facebook, Facebook Authentication, p.2012

R. Thomas and F. , Architectural styles and the design of network-based software architectures, 2000.

. Fou and . Owasp-foundation, The open web application security project (owasp foundation) owasp testing guide v3

M. Bruno-de-fraine, V. Südholt, and . Jonckers, StrongAspectJ, Proceedings of the 7th international conference on Aspect-oriented software development, AOSD '08, pp.60-71, 2008.
DOI : 10.1145/1353482.1353491

M. Guarnieri, P. E. Khoury, and G. Serme, Security vulnerabilities detection and protection using eclipse, Proceedings of ECLIPSE-IT 2011, 2011.

[. Gluck, N. Harris, and A. Prado, Breach: Reviving the crime attack, BlackHat, 2013.

S. Gij-+-12-]-martin-georgiev, S. Iyengar, R. Jana, D. Anubhai, V. Boneh et al., The most dangerous code in the world: validating ssl certificates in non-browser software, ACM Conference on Computer and Communications Security, pp.38-49, 2012.

J. Gosling, B. Joy, G. Steele, and G. Bracha, Java(TM) Language Specification, 2005.

S. [. Galvin, S. Murphy, N. Crocker, and . Freed, Security multiparts for mime: Multipart/signed and multipart/encrypted, 1995.
DOI : 10.17487/rfc1847

C. Gould, Z. Su, and P. T. Devanbu, JDBC checker: a static analysis tool for SQL/JDBC applications, Proceedings. 26th International Conference on Software Engineering, pp.697-698, 2004.
DOI : 10.1109/ICSE.2004.1317494

E. Hammer, The oauth 1.0 protocol, 2010.

M. Hafiz, P. Adamczyk, and R. Johnson, Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations, Proceedings of the 1st International Symposium on Engineering Secure Software and Systems, ESSoS '09, pp.75-90, 2009.
DOI : 10.1007/3-540-45127-7_27

[. Hammer, Oauth bearer tokens are a terrible idea, 2010.

V. Haldar, D. Chandra, and M. Franz, Dynamic Taint Propagation for Java, 21st Annual Computer Security Applications Conference (ACSAC'05), pp.303-311, 2005.
DOI : 10.1109/CSAC.2005.21

[. Hannousse, R. Douence, and G. Ardourel, Static analysis of aspect interaction and composition in component models, Proceedings of the 10th ACM international conference on Generative programming and component engineering, GPCE '11, pp.43-52, 2011.
DOI : 10.1145/2047862.2047871

URL : https://hal.archives-ouvertes.fr/hal-00606270

B. Harbulot and J. R. Gurd, A join point for loops in AspectJ, Proceedings of the 5th international conference on Aspect-oriented software development, AOSD '06, pp.63-74, 2006.
DOI : 10.1145/1119655.1119666

G. J. William, A. Halfond, P. Orso, and . Manolios, Using positive tainting and syntax-aware evaluation to counter sql injection attacks, Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, SIGSOFT '06/FSE-14, pp.175-185, 2006.

]. J. Hoo05 and . Hookom, Validating objects through metadata, 2005.

[. Hp, Fortify 360. https://www.fortify.com, 2012.

R. Hull and J. Su, Tools for design of composite Web services, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, SIGMOD '04, pp.958-961, 2004.
DOI : 10.1145/1007568.1007722

C. Hauser, F. Tronel, C. Fidge, and L. Mé, Intrusion detection in distributed systems, an approach based on taint marking, 2013 IEEE International Conference on Communications (ICC), 2013.
DOI : 10.1109/ICC.2013.6654811

URL : https://hal.archives-ouvertes.fr/hal-00840338

G. Hiet, V. Viet-triem, L. Tong, B. Mé, and . Morin, Policy-based intrusion detection in web applications by monitoring java information flows, CRiSIS, pp.53-60, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00448139

M. Huang, C. Wang, and L. Zhang, Toward a reusable and generic security aspect library

Y. Huang, F. Yu, C. Hang, C. Tsai, D. Lee et al., Securing web application code by static analysis and runtime protection, Proceedings of the 13th conference on World Wide Web, WWW '04, pp.40-52, 2004.
DOI : 10.1145/988672.988679

O. Ismail, M. Etoh, Y. Kadobayashi, and S. Yamaguchi, A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004., pp.145-151, 2004.
DOI : 10.1109/AINA.2004.1283902

[. Ietf, Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile, 2008.

W. Itani, A. I. Kayssi, and A. Chehab, Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, pp.711-716, 2009.
DOI : 10.1109/DASC.2009.139

M. Sabir-idrees, G. Serme, Y. Roudier, A. Santana-de-oliveira, H. Grall et al., Evolving Security Requirements in Multi-layered Service-Oriented-Architectures, Lecture Notes in Computer Science, vol.7122, issue.11, pp.190-205, 2011.
DOI : 10.1007/978-3-642-28879-1_13

URL : https://hal.archives-ouvertes.fr/inria-00614163

M. Johns and C. Beyerlein, SMask, Proceedings of the 2007 ACM symposium on Applied computing, SAC '07, pp.284-291, 2007.
DOI : 10.1145/1244002.1244071

M. Johns, C. Beyerlein, R. Giesecke, and J. Posegga, Secure Code Generation for Web Applications, ESSoS, pp.96-113, 2010.
DOI : 10.1007/978-3-642-11747-3_8

Z. Jeelani, An insight of ssl security attacks, International Journal of Research in Engineering and Applied Sciences, vol.3, pp.52-61, 2013.

N. Jovanovic, C. Kruegel, and E. Kirda, Pixy: A static analysis tool for detecting web application vulnerabilities (short paper), SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp.258-263, 2006.

N. Jovanovic, C. Kruegel, and E. Kirda, Precise alias analysis for static detection of web application vulnerabilities, Proceedings of the 2006 workshop on Programming languages and analysis for security, PLAS '06, pp.27-36, 2006.
DOI : 10.1145/1134744.1134751

T. Jim, N. Swamy, and M. Hicks, Defeating script injection attacks with browser-enforced embedded policies, Proceedings of the 16th international conference on World Wide Web, WWW '07, pp.601-610, 2007.
DOI : 10.1145/1242572.1242654

[. Kiczales, J. D. Rivieres, and D. G. Bobrow, The art of the metaobject protocol, 1991.

G. Kiczales, Aspect-Oriented Programming -The Fun Has Just Begun, Vanderbilt Workshop, New Visions for Software Design & Productivity: Research & Applications. Participant White Papers, 2001.

[. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic, Noxes, Proceedings of the 2006 ACM symposium on Applied computing, SAC '06, pp.330-337, 2006.
DOI : 10.1145/1141277.1141357

G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. Lopes et al., Aspect-oriented programming, Lecture Notes in Computer Science, vol.1241, pp.220-242, 1997.
DOI : 10.1007/BFb0053381

[. Karppinen, L. Yonkwa, and M. Lindvall, Why Developers Insert Security Vulnerabilities into Their Code, 2009 Second International Conferences on Advances in Computer-Human Interactions, pp.289-294, 2009.
DOI : 10.1109/ACHI.2009.18

URL : http://dx.doi.org/10.1109/ACHI.2009.18

]. Lefevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu et al., Limiting Disclosure in Hippocratic Databases, pp.108-119
DOI : 10.1016/B978-012088469-8.50013-9

M. Langheinrich, A Privacy Awareness System for Ubiquitous Computing Environments, UbiComp 2002: Ubiquitous Computing, pp.315-320, 2002.
DOI : 10.1007/3-540-45809-3_19

U. Lang, OpenPMF SCaaS: Authorization as a Service for Cloud & SOA Applications, 2010 IEEE Second International Conference on Cloud Computing Technology and Science, pp.634-643, 2010.
DOI : 10.1109/CloudCom.2010.13

[. Lascelles, RESTful Web services and signatures [Las13] Tasos Laskos. Arachni 0.4.2 -web application security scanner framework, 2010.

[. Liskov, Data Abstraction and Hierarchy, Sigplan Notices, 1988.
DOI : 10.1145/62139.62141

B. Livshits, Description of securibench applications, 2005.

[. Lawrence, C. Kaler, C. Lawrence, and . Kaler, 1-spec-os-KerberosTokenProfile.pdf SAML Token Profile 1.1. http://www.oasis-open.org/committees/download.php/ 16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf [LKa06c] Kelvin Lawrence, Chris Kaler, and al. UsernameToken Profile 1.1. http://www.oasis-open.org/committees/download.php/ 16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf Finding security vulnerabilities in java applications with static analysis, SSYM'05: Proceedings of the 14th conference on USENIX Security Symposium, pp.18-18, 2005.

Y. Liu and A. Milanova, Static information flow analysis with handling of implicit flows and a study on effects of implicit flows vs explicit flows, Proceedings of the 2010 14th European Conference on Software Maintenance and Reengineering, CSMR '10, pp.146-155, 2010.

[. Lopes, AOP: A historical perspective (What's in a name?), pp.97-122, 2005.

[. Loriant, M. Ségura-devillechaise, and J. Menaud, Software security patches: Audit, deployment and hot update, Proceedings of the Fourth AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software, 2005.
URL : https://hal.archives-ouvertes.fr/inria-00441354

M. S. Lam, J. Whaley, and V. B. Livshits, Context-sensitive program analysis as database queries, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, PODS '05, pp.1-12, 2005.
DOI : 10.1145/1065167.1065169

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.9817

A. Thomas and M. , Rest and soap and document-oriented services, 2005.

C. Robert and . Martin, Designing object oriented applications using uml, 2d [Mic] Microsoft Corporation. Crosscutting concerns, 1999.

. Mit09 and . Mitre, Cwe-20: Improper input validation, 2009.

[. Cwe, SANS Top 25 Most Dangerous Software Errors, 2011.

[. Masuhara and K. Kawauchi, Dataflow Pointcut in Aspect-Oriented Programming, Lecture Notes in Computer Science, vol.2895, pp.105-121, 2003.
DOI : 10.1007/978-3-540-40018-9_8

B. Mayhew and O. Community, Webgoat 5.4. https://code.google.com, 2012.

A. Mourad, An aspect-oriented framework for systematic security hardening of software, 2008.

[. Mowbray and S. Pearson, A client-based privacy manager for cloud computing, Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, COMSWARE '09, p.5, 2009.
DOI : 10.1145/1621890.1621897

T. Mens and T. Tourwe, A survey of software refactoring. Software Engineering, IEEE Transactions on, vol.30, issue.2, pp.126-139, 2004.

M. Casassa, M. , and R. Thyne, A systemic approach to automate privacy policy enforcement in enterprises, Privacy Enhancing Technologies, pp.118-134, 2006.

M. Navarro, W. Südholt, . Vanderperren, D. Bruno-de-fraine, and . Suvée, Explicitly distributed AOP using AWED, Proceedings of the 5th international conference on Aspect-oriented software development, AOSD '06, pp.51-62, 2006.
DOI : 10.1145/1119655.1119665

URL : https://hal.archives-ouvertes.fr/inria-00071386

A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans, Automatically Hardening Web Applications Using Precise Tainting, SEC, pp.295-308, 2005.
DOI : 10.1007/0-387-25660-1_20

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.135.1565

. Oas06 and . Oasis, Web Services Security : SOAP Message Security 1.1. http://www.oasis-open.org/committees/wss, 2006.

. Lussi-dépt, Enforcement of Privacy Preferences in Data Services: A SPARQL Query Rewriting Approach Logique des Usages, Sciences Sociales et de l'Information (Institut Mines-Télécom-Télécom Bretagne-UEB), Lab-STICC - Laboratoire en sciences et technologies de l'information, de la communication et de la connaissance, April 2013. Th. doct. : Informatique, Institut Mines-Télécom-Télécom Bretagne-UEB, 2013.

[. Pawlak, Jac (java aspect components), 2002.

S. Pearson and A. Charlesworth, Accountability as a Way Forward for Privacy Protection in the Cloud, Lecture Notes in Computer Science, vol.5931, pp.131-144, 2009.
DOI : 10.1007/978-3-642-10665-1_12

[. Payne, E. Cargnin, and N. Eyde, Personal blog, 2005.

C. Pohl, A. Charfi, W. Gilani, S. Göbel, and B. Grammel, Adopting Aspect-Oriented Software Development in Business Application Engineering, 7th International Conference on Aspect-Oriented Development, 2008.

K. Padayachee and J. H. Eloff, An aspect-oriented approach to enhancing multilevel security with usage control: An experience report, Sio Iong Ao IMECS, Lecture Notes in Engineering and Computer Science, pp.1060-1065, 2007.

A. Jaime, L. Pavlich-mariscal, S. A. Michel, and . Demurjian, A formal enforcement framework for role-based access control using aspect-oriented programming, MoDELS, pp.537-552, 2005.

T. Pietraszek, C. V. , and E. Berghe, Defending Against Injection Attacks Through Context-Sensitive String Evaluation, Recent Advances in Intrusion Detection (RAID), 2005.
DOI : 10.1007/11663812_7

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.3182

[. Pautasso, O. Zimmermann, and F. Leymann, Restful web services vs. "big" web services, Proceeding of the 17th international conference on World Wide Web, WWW '08, pp.805-814, 2008.
DOI : 10.1145/1367497.1367606

[. Rizzo and T. Duong, The crime attack, Ekoparty, 2012.

D. Recordon and D. Hardt, The oauth 2.0 authorization framework, 2012.

A. Riancho, W3af 1.0 -open source web application security scanner, 2011.

[. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy, Extending query rewriting techniques for fine-grained access control, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, SIGMOD '04, pp.551-562, 2004.
DOI : 10.1145/1007568.1007631

W. Robertson and G. Vigna, Static enforcement of web application integrity through strong typing, Proceedings of the 18th conference on USENIX security symposium, SSYM'09, pp.283-298, 2009.

[. Scholte, D. Balzarotti, and E. Kirda, Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications, Proceedings of Financial Cryptography and Data Security 2011, 2011.
DOI : 10.1007/978-3-642-27576-0_24

A. Sewe, C. Bockisch, and M. Mezini, Aspects and class-based security, Proceedings of the 2nd Workshop on Virtual Machines and Intermediate Languages for emerging modularization mechanisms, VMIL '08, pp.1-3, 2008.
DOI : 10.1145/1507504.1507507

A. Santana, D. Oliveira, and G. Serme, Use-case analysis and aspect requirements. Deliverable D3.2, The CESSA project, 2012.

]. O. Sel58 and . Selfridge, Pandemonium: a paradigm for learning, Mechanisation of Thought Processes Proceedings of a Symposium Held at the National Physical Laboratory, pp.513-526, 1958.

M. Gabriel-serme, P. E. Guarnieri, A. Khoury, and . Oliveira, Towards assisted remediation of security vulnerabilities, The Sixth International Conference on Emerging Security Information, Systems and Technologies, 2012.

M. Störzer and C. Koppen, Pcdiff: Attacking the fragile pointcut problem, abstract, European Interactive Workshop on Aspects in Software, 2004.

[. Suh, J. W. Lee, D. Zhang, and S. Devadas, Secure program execution via dynamic information flow tracking, ACM SIGARCH Computer Architecture News, vol.32, issue.5, pp.85-96, 2004.
DOI : 10.1145/1037947.1024404

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.124.341

T. Scholte, W. K. Robertson, D. Balzarotti, and E. Kirda, Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis, 2012 IEEE 36th Annual Computer Software and Applications Conference, pp.233-243, 2012.
DOI : 10.1109/COMPSAC.2012.34

D. Scott and R. Sharp, Abstracting application-level web security, Proceedings of the eleventh international conference on World Wide Web, WWW '02, pp.396-407, 2002.
DOI : 10.1145/511446.511498

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.121.8412

A. Gabriel-serme, J. Santana-de-oliveira, Y. Massiera, and . Roudier, Enabling message security for restful services, 19th International Conference on Web Services, p.2012

G. Serme, T. Scholte, and A. Oliveira, Enforcing Input Validation through Aspect Oriented Programming, SETOP 2013, 6th International Workshop on Autonomous and Spontaneous Security, pp.12-13
DOI : 10.1007/978-3-642-54568-9_20

[. Suzumura, T. Takase, and M. Tatsubori, Optimizing Web services performance by differential deserialization, IEEE International Conference on Web Services (ICWS'05), pp.185-192, 2005.
DOI : 10.1109/ICWS.2005.87

B. Simic and J. Walden, Eliminating sql injection and cross site scripting using aspect oriented programming [Swe02] L. Sweeney. k-anonymity: A model for protecting privacy, International Symposium on Engineering Secure Software and System (ESSoS 13), pp.557-570, 2002.
DOI : 10.1007/978-3-642-36563-8_15

K. Slowikowski and . Zielinski, Comparison study of aspect-oriented and container managed security, Analysis of Aspect-Oriented Software, 2003.

. Trustwave, Trustwave webdefend -web application firewall, 2011.

S. Trabelsi and J. Sendor, Sticky policies for data control in the cloud, 2012 Tenth Annual International Conference on Privacy, Security and Trust, pp.75-80, 2012.
DOI : 10.1109/PST.2012.6297922

A. Tootoonchian, S. Saroiu, Y. Ganjali, and A. Wolman, Lockr, Proceedings of the 5th international conference on Emerging networking experiments and technologies, CoNEXT '09, pp.169-180, 2009.
DOI : 10.1145/1658939.1658959

C. Ulmer, G. Serme, and Y. Bonillo, Enabling web object orientation with mobile devices, Proceedings of the 6th International Conference on Mobile Technology, Application & Systems, Mobility '09, 2009.
DOI : 10.1145/1710035.1710047

J. Viega, J. T. Bloch, and P. Ch, Applying aspect-oriented programming to security, Cutter IT Journal, vol.14, pp.31-39, 2001.

J. Viega, J. T. Bloch, Y. Kohno, and G. Mcgraw, ITS4: a static vulnerability scanner for C and C++ code, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00), p.257, 2000.
DOI : 10.1109/ACSAC.2000.898880

. Vnj-+-07-]-philipp, F. Vogt, N. Nentwich, E. Jovanovic, C. Kirda et al., Cross site scripting prevention with dynamic data tainting and static analysis, 2007.

W. Bart-de, Engineering application-level security through aspect-oriented software development, 2004.

[. Wohlstadter, S. Jackson, and P. T. Devanbu, DADO: enhancing middleware to support crosscutting features in distributed, heterogeneous systems, 25th International Conference on Software Engineering, 2003. Proceedings., pp.174-186, 2003.
DOI : 10.1109/ICSE.2003.1201198

I. S. Welch and R. J. Stroud, Security and aspects: A metaobject protocol viewpoint, First AOSD Workshop on Aspects, Components, and Patterns for Infrastructure Software (AOSD-2002), 2002.

G. Wassermann and Z. Su, An analysis framework for security in web applications, Proc. FSE Workshop on Specification and Verification of Component-Based Systems, SAVCBS'04, pp.70-78, 2004.

G. Wassermann and Z. Su, Sound and precise analysis of web applications for injection vulnerabilities, Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation, PLDI '07, pp.32-41, 2007.

G. Wassermann and Z. Su, Static detection of cross-site scripting vulnerabilities, Proceedings of the 13th international conference on Software engineering, ICSE '08, pp.171-180, 2008.
DOI : 10.1145/1368088.1368112

[. Wohlstadter, B. Toone, and P. Devanbu, A framework for flexible evolution in distributed heterogeneous systems, Proceedings of the international workshop on Principles of software evolution, IWPSE '02, pp.39-42, 2002.
DOI : 10.1145/512035.512045

Y. Xie and A. Aiken, Static detection of security vulnerabilities in scripting languages, Proceedings of the 15th conference on USENIX Security Symposium, 2006.

J. Xie, B. Chu, H. R. Lipford, and J. T. Melton, ASIDE, Proceedings of the 27th Annual Computer Security Applications Conference on, ACSAC '11, pp.267-276, 2011.
DOI : 10.1145/2076732.2076770

T. Yang, H. Aotani, F. Masuhara, H. Nielson, and . Nielson, Combining Static Analysis and Runtime Checking in Security Aspects for Distributed Tuple Spaces, Lecture Notes in Computer Science, vol.46, issue.1-2, pp.202-218, 2011.
DOI : 10.1016/S0167-6423(02)00090-4

[. Yu, J. Sendor, G. Serme, A. Santana, and . Oliveira, Automating Privacy Enforcement in Cloud Platforms, 7th International Workshop on Data Privacy Management, p.2012
DOI : 10.1007/978-3-642-35890-6_12