|
7th USENIX Security Symposium, San Antonio, Texas
Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies
Vinod Anupam and Alain Mayer
Bell Laboratories, Lucent Technologies
Abstract
While conducting a security analysis of JavaScript
and VBScript, the most popular scripting languages
on the Web, we found some serious flaws. Motivated
by this outcome, we propose steps towards a
sound definition and design of a security framework
for scripting languages on the Web. We show that if
such a security framework had been integrated into
the respective scripting languages from the very
beginning, the probability of preventing the multiple
security flaws, that we and other research groups
identified, would have been greatly increased.
- View the full text of this paper in
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
Technical Program