Chuansen Chai scite author profile

Nowadays, many applications are too big to keep their own security. Static analysis is a technique which can be used for ensure the safety of large programs. However, frequent calls to libraries and frameworks bring a lot of difficulties to the analysis. Researchers propose the specification inference to solve the problem. We survey the recent advances in specification inference techniques and divide them into three groups by the methods they adopt which are domain specific language (DSL), data mining and abductive inference, respectively. Then we take a detailed look at the representative results in each category. It is our hope that we can see more creative achievements in this field by doing this work.

show abstract

A Protection Mechanism against Malicious HTML and JavaScript Code in Vulnerable Web Applications

Liu¹,

Yan²,

Wang³

et al. 2016

Mathematical Problems in Engineering

View full text Add to dashboard Cite

The high-profile attacks of malicious HTML and JavaScript code have seen a dramatic increase in both awareness and exploitation in recent years. Unfortunately, exiting security mechanisms provide no enough protection. We propose a new protection mechanism named PMHJ based on the support of both web applications and web browsers against malicious HTML and JavaScript code in vulnerable web applications. PMHJ prevents the injection attack of HTML elements with a random attribute value and the node-split attack by an attribute with the hash value of the HTML element. PMHJ ensures the content security in web pages by verifying HTML elements, confining the insecure HTML usages which can be exploited by attackers, and disabling the JavaScript APIs which may incur injection vulnerabilities. PMHJ provides a flexible way to rein the high-risk JavaScript APIs with powerful ability according to the principle of least authority. The PMHJ policy is easy to be deployed into real-world web applications. The test results show that PMHJ has little influence on the run time and code size of web pages.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Chuansen Chai

Static detection of execution after redirect vulnerabilities in PHP applications

A Brief Survey of Specification Inference in Static Program Analysis

A Protection Mechanism against Malicious HTML and JavaScript Code in Vulnerable Web Applications

Contact Info

Product

Resources

About