Matej Vehar (2017) Client-side code security analysis and practical application of CIA principles. MSc thesis.
Abstract
The World Wide Web has become unimaginable without technologies such as JavaScript. More than 94% of web sites use dynamic content, which has increasingly powerful capabilities on clients. Web pages have become mashups of third-party libraries, widgets with ads and user-generated content that execute in browsers with third-party extensions enabled. All these external dependencies are potential entry points for unwanted and malicious code, which can alter page functionality or abuse sensitive content. In this master's thesis we will analyse existing functionalities and approaches for increasing the security of web pages. Based on the outcomes and an overview of the functions most abused by XSS attacks, we will construct a program library. The purpose of the library will be to enhance the security, integrity and availability of the sensitive functions within the execution environment of the web content. The design will be based on the object-capability model and will realise ideas proposed by similar approaches. Since the library will modify the execution environment, all modified functions will be tested for execution overhead.