Hacking Web 2.0 JavaScript
Hacking Web 2.0 JavaScript - Reverse Engineering, Discovery and Revelations
Abstract
Traditionally a large number of applications were carried out without the intervention of global networks like the Internet. But now, as the Web 2.0 era is emerging at an increasingly fast rate today and is here to stay, these applications are becoming increasingly dependent on the Internet as a foundation platform. As the application domain increases worldwide, the variety in the kind of web content also increases and rises above mere traditional HTML. The kind of enhancements brought about in HTML pages, as viewed by a client, are introduced by technologies such as JavaScript, Flash and Silverlight. Since these applications are widely growing and becoming crucial, here the intention is to throw light on the methods to look for security loopholes such as XSS (Cross-Site Scripting) in JavaScript, specific to the Web 2.0 implementations of the same which consume information from untrusted sources. The methods described pertain to static as well as dynamic analysis. Tools that have been employed in this paper are:
– Static Code Analysis of JavaScript by AppCodeScan (http://blueinfy.com/appcodeaudit.html)
– Dynamic Debugging and Analysis by using Firebug with DOM context (http://getfirebug.com/).
andry- Moderator
- Posts : 467
Join date : 2010-05-07