Automated Transformation of Template-Based Web Applications into Single-Page Applications

“…For web applications, templates are dynamically generated web pages based on a structure that helps users easily obtain information [4], [6].…”

“…But in website term injection means putting an external arbitrary query or modifying some requests by intercepting web requests. Thus, an injection allows malicious payload with web application requests into another server [4]. A successful injection can read sensitive data and can get root privilege to that server [1], [5], [6], [9].…”

“…Developers also feel relaxed with Ajax due to its robustness and easy integrability with API. Usually Ajax displays data in XML, JSON, or plain text starting from this stage [1], [4]. Since developers are not very much aware to implement the secured tunneling protocols like Hyper Text Transfer Protocol Secure (HTTPS), Secure Sockets Layer (SSL), Transport Layer Security (TLS), etc., attackers, working as middleman, are trying to list and intercept all request from server through insecure protocol like Hyper Text Transfer Protocol (HTTP) to manipulate the requests [1], [7], [10].…”

“…Moreover, the websites of the Bangladesh government are vulnerable to these attacks. The two attacks are interrelated because an attacker can launch an XSS attack by exploiting a CSRF attack on a vulnerable website [4]. The authors consider SQLi vulnerability, which is a damaging attack against web application database credentials.…”

A Study of Ajax Template Injection in Web Applications

“…For web applications, templates are dynamically generated web pages based on a structure that helps users easily obtain information [4], [6].…”

“…But in website term injection means putting an external arbitrary query or modifying some requests by intercepting web requests. Thus, an injection allows malicious payload with web application requests into another server [4]. A successful injection can read sensitive data and can get root privilege to that server [1], [5], [6], [9].…”

“…Developers also feel relaxed with Ajax due to its robustness and easy integrability with API. Usually Ajax displays data in XML, JSON, or plain text starting from this stage [1], [4]. Since developers are not very much aware to implement the secured tunneling protocols like Hyper Text Transfer Protocol Secure (HTTPS), Secure Sockets Layer (SSL), Transport Layer Security (TLS), etc., attackers, working as middleman, are trying to list and intercept all request from server through insecure protocol like Hyper Text Transfer Protocol (HTTP) to manipulate the requests [1], [7], [10].…”

“…Moreover, the websites of the Bangladesh government are vulnerable to these attacks. The two attacks are interrelated because an attacker can launch an XSS attack by exploiting a CSRF attack on a vulnerable website [4]. The authors consider SQLi vulnerability, which is a damaging attack against web application database credentials.…”

A Study of Ajax Template Injection in Web Applications

MVC architecture driven restructuring to achieve client-side web page composition

Web app restructuring based on shadow DOMs to improve maintainability