The high-profile attacks of malicious HTML and JavaScript code have seen a dramatic increase in both awareness and exploitation in recent years. Unfortunately, exiting security mechanisms provide no enough protection. We propose a new protection mechanism named PMHJ based on the support of both web applications and web browsers against malicious HTML and JavaScript code in vulnerable web applications. PMHJ prevents the injection attack of HTML elements with a random attribute value and the node-split attack by an attribute with the hash value of the HTML element. PMHJ ensures the content security in web pages by verifying HTML elements, confining the insecure HTML usages which can be exploited by attackers, and disabling the JavaScript APIs which may incur injection vulnerabilities. PMHJ provides a flexible way to rein the high-risk JavaScript APIs with powerful ability according to the principle of least authority. The PMHJ policy is easy to be deployed into real-world web applications. The test results show that PMHJ has little influence on the run time and code size of web pages.
from #AlexandrosSfakianakis via Alexandros G.Sfakianakis on Inoreader http://ift.tt/1VMr3fw
via IFTTT
Εγγραφή σε:
Σχόλια ανάρτησης (Atom)
Δημοφιλείς αναρτήσεις
-
Background Hyperthyroidism is associated with increased thrombotic risk. As contact system activation through formation of neutrophil extrac...
-
UM-Chor1: establishment and characterization of the first validated clival chordoma cell line. J Neurosurg. 2017 Apr 21;:1-9 Authors:...
-
Publication date: Available online 10 May 2017 Source: Journal of Dairy Science Author(s): R.E. Vibart, M. Tavendale, D. Otter, B.H. Schw...
-
Competency-based psychiatric education for Indian medical undergraduates Vijayalakshmi Pernenkil Archives of Mental Health 2019 20(1):1-2 Be...
-
Related Articles Developmental control of macrophage function. Curr Opin Immunol. 2017 Dec 13;50:64-74 Authors: Bonnardel J, Guillia...
-
from #AlexandrosSfakianakis via Alexandros G.Sfakianakis on Inoreader http://ift.tt/2tcPIjn via IFTTT
-
Abstract: Epidermolytic ichthyosis (EI) is a rare disorder of cornification caused by mutations in KRT1 and KRT10, encoding two suprabasal e...
-
Bloomberg Celgene Settles Whistle-Blower Fraud Suit for $280 Million Bloomberg Even after the FDA approved Thalomid for multiple myelo...
-
Related Articles Chinese version of the Constant-Murley questionnaire for shoulder pain and disability: a reliability and validation ...
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου