Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
WWW
2009
ACM
2009
ACM
Characterizing insecure javascript practices on the web
JavaScript is an interpreted programming language most often used for enhancing webpage interactivity and functionality. It has powerful capabilities to interact with webpage documents and browser windows, however, it has also opened the door for many browser-based security attacks. Insecure engineering practices of using JavaScript may not directly lead to security breaches, but they can create new attack vectors and greatly increase the risks of browserbased attacks. In this paper, we present the first measurement study on insecure practices of using JavaScript on the Web. Our focus is on the insecure practices of JavaScript inclusion and dynamic generation, and we examine their severity and nature on 6,805 unique websites. Our measurement results reveal that insecure JavaScript practices are common at various websites: (1) at least 66.4% of the measured websites manifest the insecure practices of including JavaScript files from external domains into the top-level documents of their...
Real-time TrafficInsecure Engineering Practices | Insecure Javascript Practices | Insecure Practices | Internet Technology | WWW 2009 |
| Added | 21 Nov 2009 |
| Updated | 21 Nov 2009 |
| Type | Conference |
| Year | 2009 |
| Where | WWW |
| Authors | Chuan Yue, Haining Wang |
Comments (0)
Researcher Info
|
