Client-side JavaScript Vulnerabilities
 

Automatically detecting client-side JavaScript vulnerabilities using IBM Rational AppScan and JavaScript Security Analyzer (hybrid analysis)

Usage Rights

© All Rights Reserved

Comments
  • nice
  • I guess I don't understand. You can manually execute any javascript from the client anyway just by typing 'javascript:{...}' in the address bar of any modern browser and the webkit browsers have a console where you can type and execute your own javascript commands, so if one wanted to call APIs from his own client, he could easily do it without js injection....

    I guess someone could create a malicious link as in the examples, but http could be configured not to run cross domains so you can't extract any information from any http request. Most sites require authentication before you access sensitive information anyway, so for the 'attack' to have any effect you would have to be logged in in one tab and then click on a link in another that redirects you back to a hacked page on the first, which would be a strange thing to do.
  • FYI - JSA has been improved greatly recently, and now actually located that 40% of the F500 web sites are actually vulnerable!

    Client-side JavaScript Vulnerabilities Presentation Transcript