International Journal of Scientific & Technology Research



IJSTR >> Volume 1 - Issue 7, August 2012 Edition


Website: http://www.ijstr.org

ISSN 2277-8616

Detection of Javascript Vulnerability At Client Agent




Saurabh Jain, Deepak Singh Tomar, Divya Rishi Sahu



Index Terms - Web Security, JavaScript, Web Browser, JavaScript Interpreter, Malware, Phishing, Clickjacking.



Abstract- These days, most companies are expanding their business horizons through dynamic web sites based on the Web 2.0 concept. JavaScript is a key choice of web developers for building sophisticated dynamic Web 2.0 applications such as social network sites, blogs and e-commerce websites. On the other hand, vulnerable JavaScript code is also exploited by hackers to launch attacks. A hacker may tamper with the JavaScript code to perform attacks against the client's browser. In this work, a series of attacks such as click-jacking, password capturing, phishing and cookie stealing are developed to understand the effect of vulnerable JavaScript code on the web browser. The detection of vulnerable JavaScript code is a tedious task for security experts. Hence a signature and regular expression based matching mechanism has been developed to detect the vulnerable JavaScript code.


