
SAFEWAPI: web API misuse detector for web applications

SungGyeong Bae, Hyunghun Cho, Inho Lim, Sukyoung Ryu
2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014  
In this paper, we present SAFEWAPI, a tool to analyze Web APIs and JavaScript web applications that use the Web APIs and to detect possible misuses of Web APIs by the web applications.  ...  The evolution of Web 2.0 technologies makes web applications prevalent in various platforms including mobile devices and smart TVs.  ...  SAFEWAPI: SAFE with analysis of Web APIs. To analyze web applications using Web APIs correctly, we extend SAFE to understand Web APIs written in Web IDL.  ... 
doi:10.1145/2635868.2635916 dblp:conf/sigsoft/BaeCLR14 fatcat:r5x2knwzw5halowt3on3tcn4qy


R.B. Ayrapetyan, E.A. Gavrin, A.N. Shitov
2017 Sovremennye Informacionnye Tehnologii i IT-obrazovanie  
With development of Web 2.0, JavaScript engines experience increasingly large performance-related challenges.  ...  JavaScript is the most widespread language for Web programming. And, literally, it is vital for Web 2.0.  ...  performance challenge for Web Applications. Technology | Security | Performance | Language: Asm.js | Safe | Slow | JavaScript; WebAssembly (wasm) | Safe | Fast | C/C++; Native Client (PNaCl) | Safe | Fast | C/C++  ... 
doi:10.25559/sitito.2017.1.454 fatcat:yt5pzjdtxjfhzlbhfgp2j4tpxu

Comparative Analysis of Security and Accessibility of Silverlight XAML with Other User Interface

G. Appasami, Joseph K. Suresh
2009 International Journal of Computer and Electrical Engineering  
Using Silverlight XAML we can develop Interactive, attractive and secured web applications.  ...  In this paper we present Comparative analysis of accessibility and security of Silverlight XAML and other UI languages.  ...  With a sandbox in place, executing untrusted code embedded in Web pages is generally considered safe. However, JavaScript is not as powerful as required by modern Web pages.  ... 
doi:10.7763/ijcee.2009.v1.72 fatcat:f4vh4bbxdfd4tbfk2cz326gwly

A measurement study of insecure javascript practices on the web

Chuan Yue, Haining Wang
2013 ACM Transactions on the Web  
In this article, we present the first measurement study on insecure practices of using JavaScript on the Web.  ...  Our analysis indicates that safe alternatives to these insecure practices exist in common cases and ought to be adopted by website developers and administrators for reducing potential security risks.  ...  Using AjaxScope, Kiciman and Livshits [2010] analyzed the behavior of over 90 Web 2.0 applications, and one of their interesting observations is that well-behaved Web 2.0 applications do not frequently  ... 
doi:10.1145/2460383.2460386 fatcat:kz7nu2bu2vgyjb4vxjptgxxp34

Characterizing insecure javascript practices on the web

Chuan Yue, Haining Wang
2009 Proceedings of the 18th international conference on World wide web - WWW '09  
In this paper, we present the first measurement study on insecure practices of using JavaScript on the Web.  ...  Our analysis indicates that safe alternatives to these insecure practices exist in common cases and ought to be adopted by website developers and administrators for reducing potential security risks.  ...  Our analysis indicates that in common cases, safe alternatives do exist for both the insecure JavaScript inclusion and insecure JavaScript dynamic generation.  ... 
doi:10.1145/1526709.1526838 dblp:conf/www/YueW09 fatcat:6rhiu5bwpjfjrkollqfwsqmcuq


Emre Kiciman, Benjamin Livshits
2010 ACM Transactions on the Web  
We also apply our prototype to analyze the behavior of over 90 Web 2.0 applications and sites that use significant amounts of JavaScript. ACM Reference Format: Kıcıman, E. and Livshits, B. 2010.  ...  AjaxScope: A platform for remotely monitoring the client-side behavior of Web 2.0 applications.  ...  ACKNOWLEDGMENTS We greatly appreciate the detailed comments and feedback of Andrew Myers, our SOSP shepherd, our anonymous SOSP reviewers, and our anonymous reviewers from ACM Transactions on the Web.  ... 
doi:10.1145/1841909.1841910 fatcat:4n4ywsiamrayreq6bcytibv2ku

Dynamic updates for web and cloud applications

Pamela Bhattacharya, Iulian Neamtiu
2010 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications - APLWACA '10  
In this paper we focus on safe dynamic updates for web and cloud applications; we point out difficulties associated with dynamic updates for these applications, present some of our preliminary results,  ...  The center of mass for newly-released applications is shifting from traditional, desktop or server programs, toward web and cloud computing applications.  ...  Challenges And State Of The Art Dynamic Languages The advent of Web 2.0 and the concept of Web as a "participation platform" gave the users more interactivity than just retrieving information, by allowing  ... 
doi:10.1145/1810139.1810143 fatcat:srz3wkcvnvh4bj6xbav6t7nzqq

Flexible access control for javascript

Gregor Richards, Christian Hammer, Francesco Zappa Nardelli, Suresh Jagannathan, Jan Vitek
2013 Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications - OOPSLA '13  
In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities.  ...  We implement our proposal in WebKit and evaluate it with three policies on 50 widely used websites with no changes to their JavaScript code and report performance overheads and violations.  ...  Acknowledgments This work was supported in part by Google Research Award "HAJS: High-Assurance JavaScript" and by NSF Grant "CT-ER: Controlled Declassification with Software Transactional Memory".  ... 
doi:10.1145/2509136.2509542 dblp:conf/oopsla/RichardsHNJV13 fatcat:bobpfnapobgo5iehsqaofvjema

Defensive JavaScript [chapter]

Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis
2014 Lecture Notes in Computer Science  
Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment  ...  As such, DJS is ideal for writing JavaScript security components, such as bookmarklets, single sign-on widgets, and cryptographic libraries, that may be loaded within untrusted web pages alongside unknown  ...  Introduction Since the advent of asynchronous web applications, popularly called AJAX or Web 2.0, JavaScript has become the predominant programming language for client-side web applications.  ... 
doi:10.1007/978-3-319-10082-1_4 fatcat:ilrgfexv7fdcvggxh57p2joetm

Accelerating science gateway development with Web 2.0 and Swift

Wenjun Wu, Thomas Uram, Michael Wilde, Mark Hereld, Michael E. Papka
2010 Proceedings of the 2010 TeraGrid Conference on - TG '10  
A Science Gateway is a computational web portal that includes a community-developed set of tools, applications, and data customized to enable scientists to run scientific simulations, data analysis, and  ...  This framework enables science gateway developers to import their domain-specific scientific workflow scripts and generate Web 2.0 gadgets for running these application workflows and visualizing the output  ...  Figure 1 shows the basic structure of this Web 2.0 based application framework.  ... 
doi:10.1145/1838574.1838597 fatcat:2wt6l2rzqnadpofrnmgyczid3m

Auto-patching DOM-based XSS at scale

Inian Parameshwaran, Enrico Budianto, Shweta Shinde, Hung Dang, Atul Sadhu, Prateek Saxena
2015 Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2015  
Of 777,082 cases of dynamic HTML/JS code generation we observe, 13.3% use unsafe string interpolation for dynamic code generation, a well-known dangerous coding practice.  ...  DOM-based cross-site scripting (XSS) is a client-side code injection vulnerability that results from unsafe dynamic code generation in JavaScript applications, and has few known practical defenses.  ...  DEXTERJS performs dynamic analysis to detect and repair DOM-based XSS bugs in real web applications.  ... 
doi:10.1145/2786805.2786821 dblp:conf/sigsoft/ParameshwaranBS15 fatcat:s6mqikphgrdj7jesyh23qck7pm


Steven Van Acker, Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen
2011 Proceedings of the 27th Annual Computer Security Applications Conference on - ACSAC '11  
In the last decade, the Internet landscape has transformed from a mostly static world into Web 2.0, where the use of web applications and mashups has become a daily routine for many Internet users.  ...  The policy language was synthesized from a study and categorization of sensitive operations in the upcoming HTML 5 JavaScript APIs, and full mediation is achieved via the use of deep aspects in the browser  ...  In addition, we have evaluated the performance of the WebJail implementation using micro-benchmarks, showing that both the page loadtime overhead (±7ms) and the execution overhead of a function advised  ... 
doi:10.1145/2076732.2076775 dblp:conf/acsac/AckerRDPJ11 fatcat:jhxdjyrm6fdzfa632f46hy6nfy

Mashups and modularity: Towards secure and reusable web applications

Antero Taivalsaari, Tommi Mikkonen
2008 2008 23rd IEEE/ACM International Conference on Automated Software Engineering - Workshops  
In this paper we summarize our vision for the future of web applications, focusing especially on these two important areas.  ...  In this paper we argue that web technologies should allow developers to easily create application mashups that leverage components and other content from all over the world.  ...  Caja defines a subset of JavaScript that can be used as an object-capability language. Normal (unsafe) JavaScript programs are translated into this safe subset before deployment and execution.  ... 
doi:10.1109/asew.2008.4686307 dblp:conf/kbse/TaivalsaariM08 fatcat:s7zznk6crnbydczoaglmkqkkoa

A Web 2.0-Based Scientific Application Framework

Wenjun Wu, Thomas D. Uram, Michael Wilde, Mark Hereld, Michael E. Papka
2010 2010 IEEE International Conference on Web Services  
A Science Gateway is a computational web portal that includes a community-developed set of tools, applications, and data customized to enable scientists to run scientific simulations, data analysis, and  ...  Although many web-service frameworks have been designed and applied in building domain-specific science gateways, most of these efforts only addressed the issue of adding scientific applications as SOAP  ...  SCIENTIFIC APPLICATION MANAGEMENT In this section we present an example of using this Web 2.0 workflow framework to define applications, create application gadgets, and run workflows.  ... 
doi:10.1109/icws.2010.107 dblp:conf/icws/WuUWHP10 fatcat:r2wincndobf6plllbdauzwgfye

Web Application Security (Dagstuhl Seminar 12401)

Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld, Marc Herbstritt
2013 Dagstuhl Reports  
This report documents the program and the outcomes of Dagstuhl Seminar 12401 "Web Application Security".  ...  As web application security is a broad research domain, a diverse set of recent research results was presented during the talks, covering the web security vulnerability landscape, information-flow control  ...  Dependent types for javascript. In Proceedings of the ACM international conference on Object oriented programming systems languages and applications, OOPSLA '12, New '10, pages 126-150.  ... 
doi:10.4230/dagrep.2.10.1 dblp:journals/dagstuhl-reports/DesmetJLS12 fatcat:qkke5ohg6fcblf5prpes3a4znm