Client-side security through JavaScript API wrapping

Baesso, Andrea
2017/2018

Abstract

Cross-Site Scripting (XSS) allows an attacker to inject malicious code into a webpage. Modern web applications enforce various security measures to mitigate attacks, but many of these can be easily circumvented by malicious scripts. In fact, JavaScript has full access to the content of a page, so any confidential information is potentially compromised whenever an attacker is able to inject a malicious script into a visited webpage. In this thesis we experiment with techniques to wrap JavaScript APIs so as to control what scripts can do and to mitigate the consequences of XSS attacks. We consider the case study of a login form and we show how to prevent password leakage through JavaScript API wrapping.
2017-03-23
Files in this item:
File: 834951-1201026.pdf
Access: open access
Type: Other attached material
Size: 793.01 kB
Format: Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14247/20444