检索结果-南通市图书馆

CSRF protection in JavaScript frameworks and the security of JavaScript applications

High-Confidence Computing 2021年第2期1卷 7-13页

作者： Ksenia Peguero Xiuzhen Cheng Department of Computer Science George Washington UniversityWashington D.C.USA School of Computer Science and Technology Shandong UniversityChina

With JavaScript being the most popular programming language on the web,several new JavaScript frameworks are released every year.A well designed framework may help developers create secure *** goal of our study is to understand how framework developers can best protect applications developed using their *** this work we studied how cross-site request forgery vulnerability is mitigated in several server-side JavaScript frameworks:***,***,***,***,and *** then analyzed open source applications developed with these frameworks using open source and custom written tools for automated static analysis and identified the percentage of protected applications for each *** correlated our analysis results to the implementation levels of mitigating controls in each framework and performed statistical analysis of our results to ensure no other confounding factors were *** on the received outcomes we provide recommendations for framework developers on how to create frameworks that produce secure applications.

关键词： JavaScript security Web security Web frameworks Framework analysis cross-site request forgery

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Design & Test of an Advanced Web Security Analysis Tool (AWSAT)

引用

Journal of Software Engineering and Applications 2024年第5期17卷 448-461页

作者： Meenakshi S. P. Manikandaswamy Vijay Madisetti School of Cybersecurity and Privacy Georgia Institute of Technology Atlanta USA

Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as cross-site Scripting (XSS), SQL Injection, and cross-site request forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.

关键词： Web Security Automated Analysis Vulnerability Assessment Web Scanning cross-site Scripting SQL Injection cross-site request forgery

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：