Filters








3 Hits in 2.2 sec

Analyzing and defending against web-based malware

Jian Chang, Krishna K. Venkatasubramanian, Andrew G. West, Insup Lee
2013 ACM Computing Surveys  
First, we study the attack model, the root-cause, and the vulnerabilities that enable these attacks. Second, we analyze the status quo of the web-based malware problem.  ...  and testing techniques to identify the vulnerabilities of web applications; and (3) constructing reputation-based blacklists or smart sandbox systems to protect end users from attacks.  ...  Serving as a proxy server, WebShield only forwards the consequences of JavaScript code execution (e.g., DOM modifications) to the client-side browsers for rendering.  ... 
doi:10.1145/2501654.2501663 fatcat:kvmuw7n5wzcq5e4jtpxovxwmue

CSPAutoGen

Xiang Pan, Yinzhi Cao, Shuangping Liu, Yu Zhou, Yan Chen, Tingzhe Zhou
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
Although client-side adoption of CSP is successful, server-side adoption is far behind the client side: according to a large-scale survey, less than 0.002% of Alexa Top 1M websites enabled CSP.  ...  To facilitate the adoption of CSP, we propose CSPAutoGen to enable CSP in real-time, without server modifications, and being compatible with real-world websites.  ...  In academia, WebShield [28] rewrites webpages to enable web defense techniques. Erlingsson et al. [13] enforce security policies on binaries by taking advantage of rewriting techniques.  ... 
doi:10.1145/2976749.2978384 dblp:conf/ccs/PanCLZCZ16 fatcat:bquqmtc7bnhkniqkrzopg3ipny

Proactive Web Security and Privacy Systems without Breaking Compatibility

Xiang Pan
2017 unpublished
Proactive Web Security and Privacy Systems without Breaking Compatibility. Xiang Pan Web users su↵er from security and privacy threats.  ...  Defense mechanisms can be classified as reactive approach and proactive approach. Reactive approach is based on attacks that have happened or vulnerabilities that have been discovered.  ...  In academia, WebShield [82] rewrites webpages to enable web defense tech- niques. Erlingsson et al. [51] enforce security policies on binaries by taking advantage of rewriting techniques.  ... 
doi:10.21985/n2668g fatcat:67qtmbe5wfbvbpcz7mshmu5jpq