Analysis of JavaScript web applications using SAFE 2.0.

In this paper, we present SAFE WAPI , a tool to analyze Web APIs and JavaScript web applications that use the Web APIs and to detect possible misuses of Web APIs by the web applications. ... The evolution of Web 2.0 technologies makes web applications prevalent in various platforms including mobile devices and smart TVs. ... SAFE WAPI : SAFE with analysis of Web APIs To analyze web applications using Web APIs correctly, we extend SAFE to understand Web APIs written in Web IDL. ...

doi:10.1145/2635868.2635916 dblp:conf/sigsoft/BaeCLR14 fatcat:r5x2knwzw5halowt3on3tcn4qy

With development of Web 2.0, JavaScript engines experience increasingly large performance-related challenges. ... JavaScript is the most widespread language for Web programming. And, literally, it is vital for Web 2.0. ... performance challenge for Web Applications Technology Security Performance Language Asm.js Safe Slow JavaScript WebAssembly (wasm) Safe Fast C/C++ Native Client (PNaCl) Safe Fast C/C++ ...

doi:10.25559/sitito.2017.1.454 fatcat:yt5pzjdtxjfhzlbhfgp2j4tpxu

DOAJ OJS

Using Silverlight XAML we can develop Interactive, attractive and secured web applications. ... In this paper we present Comparative analysis of accessibility and security of Silverlight XAML and other UI languages. ... With a sandbox in place, executing untrusted code embedded in Web pages is generally considered safe. However, JavaScript is not as powerful as required by modern Web pages. ...

doi:10.7763/ijcee.2009.v1.72 fatcat:f4vh4bbxdfd4tbfk2cz326gwly

In this article, we present the first measurement study on insecure practices of using JavaScript on the Web. ... Our analysis indicates that safe alternatives to these insecure practices exist in common cases and ought to be adopted by website developers and administrators for reducing potential security risks. ... Using AjaxScope, Kiciman and Livshits [2010] analyzed the behavior of over 90 Web 2.0 applications, and one of their interesting observations is that well-behaved Web 2.0 applications do not frequently ...

doi:10.1145/2460383.2460386 fatcat:kz7nu2bu2vgyjb4vxjptgxxp34

In this paper, we present the first measurement study on insecure practices of using JavaScript on the Web. ... Our analysis indicates that safe alternatives to these insecure practices exist in common cases and ought to be adopted by website developers and administrators for reducing potential security risks. ... Our analysis indicates that in common cases, safe alternatives do exist for both the insecure JavaScript inclusion and insecure JavaScript dynamic generation. ...

doi:10.1145/1526709.1526838 dblp:conf/www/YueW09 fatcat:6rhiu5bwpjfjrkollqfwsqmcuq

We also apply our prototype to analyze the behavior of over 90 Web 2.0 applications and sites that use significant amounts of JavaScript. ACM Reference Format: Kıcıman, E. and Livshits, B. 2010. ... AjaxScope: A platform for remotely monitoring the client-side behavior of Web 2.0 applications. ... ACKNOWLEDGMENTS We greatly appreciate the detailed comments and feedback of Andrew Myers, our SOSP shephard, our anonymous SOSP reviewers, and our anonymous reviewers, from ACM Transactions on the Web. ...

doi:10.1145/1841909.1841910 fatcat:4n4ywsiamrayreq6bcytibv2ku

In this paper we focus on safe dynamic updates for web and cloud applications; we point out difficulties associated with dynamic updates for these applications, present some of our preliminary results, ... The center of mass for newly-released applications is shifting from traditional, desktop or server programs, toward web and cloud computing applications. ... Challenges And State Of The Art Dynamic Languages The advent of Web 2.0 and the concept of Web as a "participation platform" gave the users more interactivity than just retrieving information, by allowing ...

doi:10.1145/1810139.1810143 fatcat:srz3wkcvnvh4bj6xbav6t7nzqq

In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. ... We implement our proposal in WebKit and evaluate it with three policies on 50 widely used websites with no changes to their JavaScript code and report performance overheads and violations. ... Acknowledgments This work was supported by in part by Google Research Award "HAJS: High-Assurance JavaScript" and by NSF Grant "CT-ER: Controlled Declassification with Software Transactional Memory". ...

doi:10.1145/2509136.2509542 dblp:conf/oopsla/RichardsHNJV13 fatcat:bobpfnapobgo5iehsqaofvjema

Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment ... As such, DJS is ideal for writing JavaScript security components, such as bookmarklets, single sign-on widgets, and cryptographic libraries, that may be loaded within untrusted web pages alongside unknown ... Introduction Since the advent of asynchronous web applications, popularly called AJAX or Web 2.0, JavaScript has become the predominant programming language for client-side web applications. ...

doi:10.1007/978-3-319-10082-1_4 fatcat:ilrgfexv7fdcvggxh57p2joetm

A Science Gateway is a computational web portal that includes a community-developed set of tools, applications, and data customized to enable scientists to run scientific simulations, data analysis, and ... This framework enables science gateway developers to import their domain-specific scientific workflow scripts and generate Web 2.0 gadgets for running these application workflows and visualizing the output ... Figure 1 shows the basic structure of this Web 2.0 based application framework. ...

doi:10.1145/1838574.1838597 fatcat:2wt6l2rzqnadpofrnmgyczid3m

Of 777, 082 cases of dynamic HTML/JS code generation we observe, 13.3% use unsafe string interpolation for dynamic code generation -a well-known dangerous coding practice. ... DOM-based cross-site scripting (XSS) is a client-side code injection vulnerability that results from unsafe dynamic code generation in JavaScript applications, and has few known practical defenses. ... DEXTERJS performs dynamic analysis to detect and repair DOM-based XSS bugs in real web applications. ...

doi:10.1145/2786805.2786821 dblp:conf/sigsoft/ParameshwaranBS15 fatcat:s6mqikphgrdj7jesyh23qck7pm

In the last decade, the Internet landscape has transformed from a mostly static world into Web 2.0, where the use of web applications and mashups has become a daily routine for many Internet users. ... The policy language was synthesized from a study and categorization of sensitive operations in the upcoming HTML 5 JavaScript APIs, and full mediation is achieved via the use of deep aspects in the browser ... In addition, we have evaluated the performance of the WebJail implementation using micro-benchmarks, showing that both the page loadtime overhead (±7ms) and the execution overhead of a function advised ...

doi:10.1145/2076732.2076775 dblp:conf/acsac/AckerRDPJ11 fatcat:jhxdjyrm6fdzfa632f46hy6nfy

In this paper we summarize our vision for the future of web applications, focusing especially on these two important areas. ... In this paper we argue that web technologies should allow developers to easily create application mashups that leverage components and other content from all over the world. ... Caja defines a subset of JavaScript that can be used as an object-capability language. Normal (unsafe) JavaScript programs are translated into this safe subset before deployment and execution. ...

doi:10.1109/asew.2008.4686307 dblp:conf/kbse/TaivalsaariM08 fatcat:s7zznk6crnbydczoaglmkqkkoa

A Science Gateway is a computational web portal that includes a community-developed set of tools, applications, and data customized to enable scientists to run scientific simulations, data analysis, and ... Although many web-service frameworks have been designed and applied in building domain-specific science gateways, most of these efforts only addressed the issue of adding scientific applications as SOAP ... SCIENTIFIC APPLICATION MANAGEMENT In this section we present an example of using this Web 2.0 workflow framework to define applications, create application gadgets, and run workflows. ...

doi:10.1109/icws.2010.107 dblp:conf/icws/WuUWHP10 fatcat:r2wincndobf6plllbdauzwgfye

This report documents the program and the outcomes of Dagstuhl Seminar 12401 "Web Application Security". ... As web application security is a broad research domain, a diverse set of recent research results was presented during the talks, covering the web security vulnerability landscape, information-flow control ... Dependent types for javascript. In Proceedings of the ACM international conference on Object oriented programming systems languages and applications, OOPSLA '12, New '10, pages 126-150. ...

doi:10.4230/dagrep.2.10.1 dblp:journals/dagstuhl-reports/DesmetJLS12 fatcat:qkke5ohg6fcblf5prpes3a4znm

SAFEWAPI: web API misuse detector for web applications

Preserved Fulltext

A NOVEL APPROACH FOR ENHANCING PERFORMANCE OF JAVASCRIPT ENGINE FOR WEB APPLICATIONS

Preserved Fulltext

Comparative Analysis of Security and Accessibility of Silverlight XAML with Other User Interface

Preserved Fulltext

A measurement study of insecure javascript practices on the web

Preserved Fulltext

Characterizing insecure javascript practices on the web

Preserved Fulltext

AjaxScope

Preserved Fulltext

Dynamic updates for web and cloud applications

Preserved Fulltext

Flexible access control for javascript

Preserved Fulltext

Defensive JavaScript [chapter]

Preserved Fulltext

Accelerating science gateway development with Web 2.0 and Swift

Preserved Fulltext

Auto-patching DOM-based XSS at scale

Preserved Fulltext

WebJail

Preserved Fulltext

Mashups and modularity: Towards secure and reusable web applications

Preserved Fulltext

A Web 2.0-Based Scientific Application Framework

Preserved Fulltext

Web Application Security (Dagstuhl Seminar 12401)

Preserved Fulltext