High-profile attacks using malicious HTML and JavaScript code have seen a dramatic increase in both awareness and exploitation in recent years. Unfortunately, existing security mechanisms do not provide enough protection. We propose a new protection mechanism named PMHJ, based on the support of both web applications and web browsers, against malicious HTML and JavaScript code in vulnerable web applications. PMHJ prevents HTML element injection attacks by means of a random attribute value, and node-split attacks by means of an attribute carrying the hash value of the HTML element. PMHJ ensures content security in web pages by verifying HTML elements, confining the insecure HTML usages that attackers can exploit, and disabling the JavaScript APIs that may introduce injection vulnerabilities. PMHJ provides a flexible way to rein in high-risk, powerful JavaScript APIs according to the principle of least authority. The PMHJ policy is easy to deploy in real-world web applications. The test results show that PMHJ has little influence on the run time and code size of web pages.