Resolving JavaScript Vulnerabilities in the Browser Runtime

Ofuonye, Ejike; Miller, James

doi:10.1109/issre.2008.11

Cited by 7 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2008, Ejike Ofuonye et al [20] mark slow into the close off and administration of revolutionary weave consumer influence cryptogram based on practices instrumentation techniques. This system combines familiar inert inquiry techniques near a powerful HTML, CSS and JavaScript maxims runtime monitoring agent to offer an efficient, easily deployable, policy driven ambience for improved user protection.…”

Section: Related Workmentioning

confidence: 99%

Attack Detection and Security in Remote Code Execution

Sharma¹,

Tomar²

2015

IJCA

View full text Add to dashboard Cite

The communication system today mostly relies on the World Wide Web. It is also the most convenient way and easier accessing to both the parties within few seconds. This is the one phase which is the brightest way of remote communication the other phase is the data is on the risk. Because the attackers are waiting for the code execution and by the several means the data might be attacked. So attack detection and considering security is the major concern now days. In this paper we have implemented an advanced security system by using advanced Rivest Cipher (RC) mechanism. A detection mechanism with the help of bengin tag is also implemented to achieve the malicious detection. There is a provision of data existence check also so that the data will be identified timely. The results shown by our methodology have the improving detection approach in terms of security and data existence. For this JSP and HTML based framework are used.

show abstract

Section: Related Workmentioning

confidence: 99%

Attack Detection and Security in Remote Code Execution

Sharma¹,

Tomar²

2015

IJCA

View full text Add to dashboard Cite

show abstract

“…In 2008, Ejike Ofuonye et al [10] mark slow into the close off and administration of revolutionary weave consumer influence cryptogram based on practices instrumentation techniques. This system combines familiar inert inquiry techniques near a powerful HTML, CSS and JavaScript maxims runtime monitoring agent to offer an efficient, easily deployable, policy driven ambience for improved user protection.…”

Section: Related Workmentioning

confidence: 99%

Vulnerability Detection in Remote Code Execution A Survey

Sharma¹,

Tomar²,

Kumar³

2014

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

Abstract:We are totally dependent on the web in today's age. It makes everything in communication easy. But the other side is the darker side. Communication on the web is easy and convenient way for data sending and receiving but the chances of data accessing from the remote side is also increasing. Now a days Remote Code Execution (RCE) threat is in the dangerous span over the internet. In RCE the attacker transform their code to the legal client with the help of scripting language and control the code according to their choice and the legal user not know what happened to their side. We can say that it is a type of cross site scripting (XSS) attack. In this attack geographical location doesn't matter, where you are? IT only knows the scripting and the controller. It is the higher risk today in web world. So in this paper we have discussed RCE in detail with the control techniques which are suggested in the previous research as well as the future scope of betterment.

show abstract

“…The former approach is taken by the BrowserShield tool [28] which performs a deep wrapping of code, requiring run-time parsing and transformation of the code. In more recent work, Ofuonye and Miller [23] show that the high runtime overheads witnessed in BrowserShield can be improved in practice by optimising the instrumentation technique. The lightweight approach refers to techniques which do not require any aggressive code manipulation.…”

Section: The Wrapper Landscapementioning

confidence: 99%

“…Ofuonye and Miller [23] introduced an optimized transformation method to implement wrappers by rewriting objects identified as being vulnerable. Their approach can be viewed as an optimization of the BrowserShield approach [28].…”

Section: Related Workmentioning

confidence: 99%

“…jQuery AOP [15], dojo AOP [10], Ajaxpect [1], AspectJS [3], Cerny.js [7], AspectES [4] and PrototypeJS [27]), there have been several AOP frameworks for JavaScript in literature. AOJS [33] is a framework supporting the separation between aspects and JavaScript code where aspects are defined in a XML-based language and then woven to JavaScript by a tool (similar to the proxy-based approach like [28,23,16] reviewed in the introduction). Current implementation of AOJS only support before and after advice, as the aspect system cannot control the behavior of operations.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Magazinius

Phung

Sands

2012

Information Security Technology for Applications

View full text Add to dashboard Cite

Abstract. Phung et al (ASIACCS'09) describe a method for wrapping built-in methods of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code nor browser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies -i.e. policies upon which attacker code has no side effects.

show abstract

Resolving JavaScript Vulnerabilities in the Browser Runtime

Cited by 7 publications

References 9 publications

Attack Detection and Security in Remote Code Execution

Attack Detection and Security in Remote Code Execution

Vulnerability Detection in Remote Code Execution A Survey

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Contact Info

Product

Resources

About