Detection of Javascript Vulnerability At Client Agen

نویسندگان

  • Saurabh Jain
  • Deepak Singh Tomar
  • Divya Rishi Sahu
چکیده

These days, most of companies expanding their business horizon through dynamic web sites based on Web 2.0 concept. The JavaScript is a key choice of web developers to build sophisticated dynamic web 2.0 application such social network site, blogs, e-commerce websites. On the other hand vulnerable JavaScript code is also exploited by the hackers to launch the attacks. Hacker may tamper the JavaScript code to perform attacks against the client’s browser. In this work the series of attacks such as click-jacking, password capturing, phishing and cookies stealing are developed to understand to affect of vulnerable JavaScript code on web browser. The detection of vulnerable JavaScript code is a tedious task for security experts. Hence signature and regular expression based matching mechanism has been developed to detect the vulnerable JavaScript code. Index Terms Web Security, JavaScript, Web Browser, JavaScript Interpreter, Malware, Phishing, Clickjacking.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks

Worms exploiting JavaScript XSS vulnerabilities rampantly infect millions of web pages, while drawing the ire of helpless users. To date, users across all the popular social networks, including Facebook, MySpace, Orkut and Twitter, have been vulnerable to XSSworms. We propose PathCutter as a new approach to severing the self-propagation path of JavaScript worms. PathCutter works by blocking two...

متن کامل

Hybrid Analysis for JavaScript Security Assessment

With the proliferation of Web 2.0 technologies, functionality in web applications is increasingly moving from server-side to client-side code, primarily JavaScript. The dynamic and eventdriven nature of JavaScript code, which is often machine generated or obfuscated, combined with reliance on complex frameworks and asynchronous communication, makes it difficult to perform effective security aud...

متن کامل

Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting

Cross-site scripting (XSS) vulnerabilities are the most frequently reported web application vulnerability. As complex JavaScript applications become more widespread, DOM (Document Object Model) XSS vulnerabilities—a type of XSS vulnerability where the vulnerability is located in client-side JavaScript, rather than server-side code—are becoming more common. As the first contribution of this work...

متن کامل

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Web developers routinely rely on third-party JavaScript libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be compromised. In this paper, we conduct the first comprehensive study of client-side JavaScript library usage and the resulting security implications across the Web. Usi...

متن کامل

Consideration Points Detecting Cross-Site Scripting

Web application (WA) expands its usages to provide more and more services and it has become one of the most essential communication channels between service providers and the users. To augment the users’ experience many web applications are using client side scripting languages such as JavaScript but this growing of JavaScript is increasing serious security vulnerabilities in web application to...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012