Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

Security - Introduction to Java Script - Lecture Slides, Slides of Javascript programming

Jaypee University of Information TechnologyJavascript programming

Here is my collection on JavaScript lectures. It includes tutorials as well as general concepts explanations. Particularly these slides contain: Security, Javascript Sandbox, Malicious Web, Same Origin Policy, Javascript Global Object, Protecting Javascript, Cross-Site Scripting, Myspace, Cross-Site Request Forgery, Dns Attacks, Escape Output

Typology: Slides

2013/2014

Uploaded on 01/29/2014

surii
surii 🇮🇳

3.5

(13)

130 documents

1 / 41

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
JavaScript Security
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29

Partial preview of the text

Download Security - Introduction to Java Script - Lecture Slides and more Slides Javascript programming in PDF only on Docsity!

JavaScript Security

Living in a powder keg and giving off sparks

  • JavaScript security is a mess
  • The security model is outdated
  • Key examples
  • Attacking DNS to attack JavaScript
  • What are we going to do?

The Death of the PC

  • If all your documents are in the cloud, what good is protecting your PC?
  • The JavaScript sandbox does nothing to prevent cloud attacks
  • Who cares if a web site is prevented from reading your “My Documents”: it’s empty

The Same Origin Policy

  • Scripts running on one page can’t interact with other pages
  • For example, scripts loaded by jgc.org can’t access virusbtn.com
  • But the Same Origin Policy doesn’t apply to the scripts themselves

Multiple

JavaScript Global Object

  • JavaScript is inherently a ‘global’ language
  • Variables have global scope
  • Functions have global scope
  • Objects inherit from a global object

JavaScript is everywhere

  • -

Cross-Site Request Forgery

  • Hijack cookies to use a session for bad purposes
  • Enhance with JavaScript for complex transactions.

CSRF Example: Google Mail

  • Steal authenticated user’s contact http://docs.google.com/data/contacts?out=js&sh ow=ALL&psort=Affinity&callback=google&max= 9 google ({ Success: true, Errors: [], Body: {…