Supply-chain vulnerability elimination via active learning and regeneration
Software supply-chain attacks target components that are integrated into client applications.
Such attacks often target widely-used components, with the attack taking place via …
Preventing dynamic library compromise on Node.js via rwx-based privilege reduction
Third-party libraries ease the development of large-scale software systems. However,
libraries often execute with significantly more privilege than needed to complete their task …
xBook: Redesigning Privacy Control in Social Networking Platforms.
Social networking websites have recently evolved from being service providers to platforms
for running third party applications. Users have typically trusted the social networking sites …
Intrusion recovery for database-backed web applications
Warp is a system that helps users and administrators of web applications recover from
intrusions such as SQL injection, cross-site scripting, and clickjacking attacks, while …
IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM
Due to its flexibility and dynamic character, JavaScript has become an important tool for
attackers. The widespread scripting language often helps them to perform a broad variety of …
Privacy-preserving browser-side scripting with BFlow
Some web sites provide interactive extensions using browser scripts, often without
inspecting the scripts to verify that they are benign and bug-free. Others handle users' …
A Server‐Side JavaScript Security Architecture for Secure Integration of Third‐Party Libraries
N Van Ginkel, W De Groef, F Massacci… - Security and …, 2019 - Wiley Online Library
The popularity of the JavaScript programming language for server‐side programming has
increased tremendously over the past decade. The Node.js framework is a popular …
Extensible access control with authorization contracts
Existing programming language access control frameworks do not meet the needs of all
software components. We propose an expressive framework for implementing access …
JSSignature: eliminating third-party-hosted JavaScript infection threats using digital signatures
K Nakhaei, F Ansari, E Ansari - SN Applied Sciences, 2020 - Springer
Today, third-party JavaScript resources are an indispensable part of the web platform. More
than 88% of the world's top websites include at least one JavaScript resource from a remote …
Hails: Protecting data privacy in untrusted web applications
Many modern web-platforms are no longer written by a single entity, such as a company or
individual, but consist of a trusted core that can be extended by untrusted third-party authors …