Detection of Javascript Vulnerability At Client Agen
نویسندگان
چکیده
These days, most of companies expanding their business horizon through dynamic web sites based on Web 2.0 concept. The JavaScript is a key choice of web developers to build sophisticated dynamic web 2.0 application such social network site, blogs, e-commerce websites. On the other hand vulnerable JavaScript code is also exploited by the hackers to launch the attacks. Hacker may tamper the JavaScript code to perform attacks against the client’s browser. In this work the series of attacks such as click-jacking, password capturing, phishing and cookies stealing are developed to understand to affect of vulnerable JavaScript code on web browser. The detection of vulnerable JavaScript code is a tedious task for security experts. Hence signature and regular expression based matching mechanism has been developed to detect the vulnerable JavaScript code. Index Terms Web Security, JavaScript, Web Browser, JavaScript Interpreter, Malware, Phishing, Clickjacking.
منابع مشابه
PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks
Worms exploiting JavaScript XSS vulnerabilities rampantly infect millions of web pages, while drawing the ire of helpless users. To date, users across all the popular social networks, including Facebook, MySpace, Orkut and Twitter, have been vulnerable to XSSworms. We propose PathCutter as a new approach to severing the self-propagation path of JavaScript worms. PathCutter works by blocking two...
متن کاملHybrid Analysis for JavaScript Security Assessment
With the proliferation of Web 2.0 technologies, functionality in web applications is increasingly moving from server-side to client-side code, primarily JavaScript. The dynamic and eventdriven nature of JavaScript code, which is often machine generated or obfuscated, combined with reliance on complex frameworks and asynchronous communication, makes it difficult to perform effective security aud...
متن کاملRiding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting
Cross-site scripting (XSS) vulnerabilities are the most frequently reported web application vulnerability. As complex JavaScript applications become more widespread, DOM (Document Object Model) XSS vulnerabilities—a type of XSS vulnerability where the vulnerability is located in client-side JavaScript, rather than server-side code—are becoming more common. As the first contribution of this work...
متن کاملThou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
Web developers routinely rely on third-party JavaScript libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be compromised. In this paper, we conduct the first comprehensive study of client-side JavaScript library usage and the resulting security implications across the Web. Usi...
متن کاملConsideration Points Detecting Cross-Site Scripting
Web application (WA) expands its usages to provide more and more services and it has become one of the most essential communication channels between service providers and the users. To augment the users’ experience many web applications are using client side scripting languages such as JavaScript but this growing of JavaScript is increasing serious security vulnerabilities in web application to...
متن کامل