SafeScript: JavaScript Transformation for Policy Enforcement

Louw, Mike Ter; Phung, Phu H.; Krishnamurti, Rohini; Venkatakrishnan, V.

doi:10.1007/978-3-642-41488-6_5

Cited by 4 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Besides information flow control, in the literature there are several frameworks for enforcing general security policies on untrusted JavaScript code [Meyerovich and Livshits 2010;Yu et al 2007;Louw et al 2013;Phung et al 2009;Van Acker et al 2011]. We just provide a brief overview on them here and we refer the interested reader to a recent survey by Bielova [Bielova 2013] for additional details.…”

Section: Security Policies For Javascriptmentioning

confidence: 99%

Surviving the Web

et al. 2017

View full text Add to dashboard Cite

In this article, we survey the most common attacks against web sessions, that is, attacks that target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions that prevent or mitigate the different attacks by evaluating them along four different axes: protection, usability, compatibility, and ease of deployment. We also assess several defensive solutions that aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.

show abstract