Client-side JavaScript Vulnerabilities

by Principal Product Architect, Cloud Security at Akamai Technologies on Jul 28, 2011

  • 16,412 views

Automatically detecting client side JavaScript vulnerabilities using IBM Rational AppScan and JavaScript Security Analyzer (hybrid analysis)

Upload Details

Uploaded via SlideShare as Microsoft PowerPoint

Usage Rights

© All Rights Reserved


  • waqeehulhasan Waqeeh Sonu nice 1 year ago
  • jasonrboggess Jason Boggess I guess I don't understand. You can manually execute any javascript from the client anyway just by typing 'javascript:{...}' in the address bar of any modern browser and the webkit browsers have a console where you can type and execute your own javascript commands, so if one wanted to call APIs from his own client, he could easily do it without js injection....

    I guess someone could create a malicious link as in the examples, but http could be configured not to run cross domains so you can't extract any information from any http request. Most sites require authentication before you access sensitive information anyway, so for the 'attack' to have any effect you would have to be logged in in one tab and then click on a link in another that redirects you back to a hacked page on the first, which would be a strange thing to do.
    1 year ago
  • orysegal Ory Segal, Principal Product Architect, Cloud Security at Akamai Technologies FYI - JSA has been improved greatly recently, and now actually located that 40% of the F500 web sites are actually vulnerable! 2 years ago