The document outlines security challenges in JavaScript applications, including examples from SAP UI5, Apache Cordova, and HANA XS Engine. It discusses common vulnerabilities like cross-site scripting, insecure functions, and secrets stored in source code. Specific issues addressed include prototype-based inheritance risks in SAP UI5, the JavaScript to Java bridge in Cordova exposing more than intended, and SQL injection risks in HANA XS Engine applications. The goal is to help detect security problems during development for these application types.
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/2 Applications Areas of JavaScript
1. A Collection of Real World (JavaScript) Security Problems
Examples from 21/2 Applications Areas of JavaScript
Achim D. Brucker
achim.brucker@sap.com
SAP AG, Central Code Analysis Team
July 2, 2014