Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2011
ACM
2011
ACM
Fortifying web-based applications automatically
Browser designers create security mechanisms to help web developers protect web applications, but web developers are usually slow to use these features in web-based applications (web apps). In this paper we introduce Zan1 , a browserbased system for applying new browser security mechanisms to legacy web apps automatically. Our key insight is that web apps often contain enough information, via web developer source-code patterns or key properties of web-app objects, to allow the browser to infer opportunities for applying new security mechanisms to existing web apps. We apply this new concept to protect authentication cookies, prevent web apps from being framed unwittingly, and perform JavaScript object deserialization safely. We evaluate Zan on up to the 1000 most popular websites for each of the three cases. We find that Zan can provide complimentary protection for the majority of potentially applicable websites automatically without requiring additional code from the web developers ...
Real-time TrafficCCS 2011 | Computing And Information Systems | Information Systems Security | Legacy Web | Security Privacy |
Related Content
| Added | 13 Dec 2011 |
| Updated | 13 Dec 2011 |
| Type | Journal |
| Year | 2011 |
| Where | CCS |
| Authors | Shuo Tang, Nathan Dautenhahn, Samuel T. King |
Comments (0)
Researcher Info
|
