JS-SAN: defense mechanism for HTML5-based web applications against javascript code injection vulnerabilities
نویسندگان
چکیده
منابع مشابه
Programming JavaScript Applications - Robust Web Architecture with Node, HTML5, and Modern JS Libraries
Libraries, Eric Elliott, Eric Hamilton, O'Reilly Media, Incorporated, 2013, 1449320945, 9781449320942, 300 pages. Take your existing JavaScript skills to the next level and learn how to build complete web scale or enterprise applications that are easy to extend and maintain. By applying the design patterns outlined in this book, youÐ2Ђ™ll learn how to write flexible and resilient code thatÐ2...
متن کاملIntelligent Defense against Malicious JavaScript Code
JavaScript is a popular scripting language for creating dynamic and interactive web pages. Unfortunately, JavaScript also provides the ground for web-based attacks that exploit vulnerabilities in web browsers and unnoticeably infect users with malicious software. Regular security tools, such as anti-virus scanners, increasingly fail to fend off this threat, as they are unable to cope with the r...
متن کاملAutomated Code Injection Prevention for Web Applications
We propose a new technique based on multitier compilation for preventing code injection in web applications. It consists in adding an extra stage to the client code generator which compares the dynamically generated code with the specification obtained from the syntax of the source program. No intervention from the programmer is needed. No plugin or modification of the web browser is required. ...
متن کاملCode Injection Attacks on HTML5-based Mobile Apps
HTML5-based mobile apps become more and more popular, mostly because they are much easier to be ported across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including HTML5, JavaScript and CSS; they depend on some middlewares, such as PhoneGap, to interact with the underlying OS. Knowing that JavaScript is subject to code injec...
متن کاملCode Injection Vulnerabilities in Web Applications: Exemplified at Cross-site Scripting
The majority of all security problems in today’s Web applications is caused by stringbased code injection, with Cross-site Scripting (XSS) being the dominant representative of this vulnerability class. This thesis discusses XSS and suggests defense mechanisms. We do so in three stages: First, we conduct a thorough analysis of JavaScript’s capabilities and explain how these capabilities are util...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Security and Communication Networks
سال: 2016
ISSN: 1939-0114
DOI: 10.1002/sec.1433