Javascript Code

The Experts below are selected from a list of 8952 Experts worldwide ranked by ideXlab platform

Giovanni Vigna - One of the best experts on this subject based on the ideXlab platform.

  • Detection and analysis of drive-by-download attacks and malicious Javascript Code
    2015
    Co-Authors: Marco Cova, Christopher Kruegel, Giovanni Vigna
    Abstract:

    Javascript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, Javascript Code is also used to carry out attacks against the user’s browser and its extensions. These attacks usually result in the download of additional malware that takes complete control of the victim’s platform, and are, therefore, called “drive-by downloads.” Unfortunately, the dynamic nature of the Javascript language and its tight integration with the browser make it difficult to detect and block malicious Javascript Code. This paper presents a novel approach to the detection and analysis of malicious Javascript Code. Our approach combines anomaly detection with emulation to automatically identify malicious Javascript Code and to support its analysis. We developed a system that uses a number of features and machine-learning techniques to establish the characteristics of normal Javascript Code. Then, during detection, the system is able to identify anomalous Javascript Code by emulating its behavior and comparing it to the established profiles. In addition to identifying malicious Code, the system is able to support the analysis of obfuscated Code and to generate detection signatures for signature-based systems. The system has been made publicly available and has been used by thousands of analysts.

  • detection and analysis of drive by download attacks and malicious Javascript Code
    The Web Conference, 2010
    Co-Authors: Marco Cova, Christopher Kruegel, Giovanni Vigna
    Abstract:

    Javascript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, Javascript Code is also used to carry out attacks against the user's browser and its extensions. These attacks usually result in the download of additional malware that takes complete control of the victim's platform, and are, therefore, called "drive-by downloads." Unfortunately, the dynamic nature of the Javascript language and its tight integration with the browser make it difficult to detect and block malicious Javascript Code. This paper presents a novel approach to the detection and analysis of malicious Javascript Code. Our approach combines anomaly detection with emulation to automatically identify malicious Javascript Code and to support its analysis. We developed a system that uses a number of features and machine-learning techniques to establish the characteristics of normal Javascript Code. Then, during detection, the system is able to identify anomalous Javascript Code by emulating its behavior and comparing it to the established profiles. In addition to identifying malicious Code, the system is able to support the analysis of obfuscated Code and to generate detection signatures for signature-based systems. The system has been made publicly available and has been used by thousands of analysts.

  • Client-side cross-site scripting protection
    Computers & Security, 2009
    Co-Authors: Engin Kirda, Christopher Kruegel, Nenad Jovanović, Giovanni Vigna
    Abstract:

    Web applications are becoming the dominant way to provide access to online services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of Javascript Code that is embedded into web pages to support dynamic client-side behavior. This script Code is executed in the context of the user's web browser. To protect the user's environment from malicious Javascript Code, browsers use a sand-boxing mechanism that limits a script to access only resources associated with its origin site. Unfortunately, these security mechanisms fail if a user can be lured into downloading malicious Javascript Code from an intermediate, trusted site. In this case, the malicious script is granted full access to all resources (e.g., authentication tokens and cookies) that belong to the trusted site. Such attacks are called cross-site scripting (XSS) attacks. In general, XSS attacks are easy to execute, but difficult to detect and prevent. One reason is the high flexibility of HTML encoding schemes, offering the attacker many possibilities for circumventing server-side input filters that should prevent malicious scripts from being injected into trusted sites. Also, devising a client-side solution is not easy because of the difficulty of identifying Javascript Code as being malicious. This paper presents Noxes, which is, to the best of our knowledge, the first client-side solution to mitigate cross-site scripting attacks. Noxes acts as a web proxy and uses both manual and automatically generated rules to mitigate possible cross-site scripting attempts. Noxes effectively protects against information leakage from the user's environment while requiring minimal user interaction and customization effort.

  • Detecting malicious Javascript Code in Mozilla
    10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05), 2005
    Co-Authors: O. Hallaraker, Giovanni Vigna
    Abstract:

    The Javascript language is used to enhance the client-side display of web pages. Javascript Code is downloaded into browsers and executed on-the-fly by an embedded interpreter. Browsers provide sand-boxing mechanisms to prevent Javascript Code from compromising the security of the client's environment, but, unfortunately, a number of attacks exist that can be used to steal users' credentials (e.g., cross-site scripting attacks) and lure users into providing sensitive information to unauthorized parties (e.g., phishing attacks). We propose an approach to solve this problem that is based on monitoring Javascript Code execution and comparing the execution to high-level policies, to detect malicious Code behavior. To achieve this goal it is necessary to provide a mechanism to audit the execution of Javascript Code. This is a difficult task, because of the close integration of Javascript with complex browser applications, such as Mozilla. This paper presents the first existing implementation of an auditing system for Javascript interpreters and discusses the pitfalls and lessons learned in developing the auditing mechanism.

Ali Mesbah - One of the best experts on this subject based on the ideXlab platform.

  • dompletion dom aware Javascript Code completion
    Automated Software Engineering, 2014
    Co-Authors: Kartik Bajaj, Karthik Pattabiraman, Ali Mesbah
    Abstract:

    Javascript is a scripting language that plays a prominent role in modern web applications. It is dynamic in nature and interacts heavily with the Document Object Model (DOM) at runtime. These characteristics make providing Code completion support to JavaScript programmers particularly challenging. We propose an automated technique that reasons about existing DOM structures, dynamically analyzes the Javascript Code, and provides Code completion suggestions for Javascript Code that interacts with the DOM through its APIs. Our automated Code completion scheme is implemented in an open source tool called DOMPLETION. The results of our empirical evaluation indicate that (1) DOM structures exhibit patterns, which can be extracted and reasoned about in the context of Code completion suggestions; (2) DOMPLETION can provide Code completion suggestions with a recall of 89%, precision of 90%, and an average time of 2.8 seconds.

  • understanding Javascript event based interactions
    International Conference on Software Engineering, 2014
    Co-Authors: Saba Alimadadi, Sheldon Sequeira, Ali Mesbah, Karthik Pattabiraman
    Abstract:

    Web applications have become one of the fastest growing types of software systems today. Despite their popularity, understanding the behaviour of modern web applications is still a challenging endeavour for developers during development and maintenance tasks. The challenges mainly stem from the dynamic, event-driven, and asynchronous nature of the Javascript language. We propose a generic technique for capturing low-level event-based interactions in a web application and mapping those to a higher-level behavioural model. This model is then transformed into an interactive visualization, representing episodes of triggered causal and temporal events, related Javascript Code executions, and their impact on the dynamic DOM state. Our approach, implemented in a tool called Clematis, allows developers to easily understand the complex dynamic behaviour of their application at three different semantic levels of granularity. The results of our industrial controlled experiment show that Clematis is capable of improving the task accuracy by 61%, while reducing the task completion time by 47%.

  • software engineering for the web the state of the practice
    International Conference on Software Engineering, 2014
    Co-Authors: Alex Nederlof, Ali Mesbah, Arie Van Deursen
    Abstract:

    Today’s web applications increasingly rely on client-side Code execution. HTML is not just created on the server, but manipulated extensively within the browser through Javascript Code. In this paper, we seek to understand the software engineering implications of this. We look at deviations from many known best practices in such areas of performance, accessibility, and correct structuring of HTML documents. Furthermore, we assess to what extent such deviations manifest themselves through client-side Code manipulation only. To answer these questions, we conducted a large scale experiment, involving automated client-enabled crawling of over 4000 web applications, resulting in over 100,000,000 pages analyzed, and close to 1,000,000 unique client-side user interface states. Our findings show that the majority of sites contain a substantial number of problems, making sites unnecessarily slow, inaccessible for the visually impaired, and with layout that is unpredictable due to errors in the dynamically modified DOM trees.

  • jsnose detecting Javascript Code smells
    Source Code Analysis and Manipulation, 2013
    Co-Authors: Amin Milani Fard, Ali Mesbah
    Abstract:

    Javascript is a powerful and flexible prototype-based scripting language that is increasingly used by developers to create interactive web applications. The language is interpreted, dynamic, weakly-typed, and has first-class functions. In addition, it interacts with other web languages such as CSS and HTML at runtime. All these characteristics make Javascript Code particularly error-prone and challenging to write and maintain. Code smells are patterns in the source Code that can adversely influence program comprehension and maintainability of the program in the long term. We propose a set of 13 Javascript Code smells, collected from various developer resources. We present a Javascript Code smell detection technique called JSNOSE. Our metric-based approach combines static and dynamic analysis to detect smells in client-side Code. This automated technique can help developers to spot Code that could benefit from refactoring. We evaluate the smell finding capabilities of our technique through an empirical study. By analyzing 11 web applications, we investigate which smells detected by JSNOSE are more prevalent.

Yaoyao Qiu - One of the best experts on this subject based on the ideXlab platform.

  • detecting malicious Javascript Code based on semantic analysis
    Computers & Security, 2020
    Co-Authors: Yong Fang, Cheng Huang, Yaoyao Qiu
    Abstract:

    Web development technology has undergone tremendous evolution, and the creation of Javascript has greatly enriched the interactive capabilities of the client. However, attackers use the dynamic features of the Javascript language to embed malicious Code into web pages for the purpose of drive-by-download, redirection, etc. The traditional method based on static feature detection has difficulty detecting malicious Code after obfuscation, and the method based on dynamic analysis has low efficiency. To overcome these challenges, this paper proposes a static detection model based on semantic analysis. The model first generates an abstract syntax tree from Javascript source Codes, then automatically converts them to syntactic unit sequences. The FastText algorithm is introduced to train word vectors. The syntactic unit sequences are represented as word vectors, which are input into a Bi-LSTM network with attention mechanism. The detection model with Bi-LSTM network with attention mechanism is the key to detecting malicious Javascript. We experimented with the dataset using a five-fold cross-validation method. Experiments showed that the model can effectively detect obfuscated malicious Javascript Code and improve the detection speed, with a precision of 0.977 and recall of 0.974.

Shashank Gupta - One of the best experts on this subject based on the ideXlab platform.

  • a client server Javascript Code rewriting based framework to detect the xss worms from online social network
    Concurrency and Computation: Practice and Experience, 2019
    Co-Authors: Shashank Gupta, Brij B. Gupta, Pooja Chaudhary
    Abstract:

    Today, many OSNs have tens of millions of active users. One of the popular OSNs is Facebook, with greater than 1 billion vigorous users [1]. Social networking is not limited to informal use; however, it is also used for formal purposes. The user on these networks stores the pool of information (personal/professional); therefore, hackers are paying more attention toward these sites. Hackers can make use of this accessible information for their malicious activities [2-7]. To offer online users enhanced services, the OSNs utilize the capabilities of Javascript or related contemporary platforms of programming language. The support for such language platforms provides a fertile platform for JS worm injection vulnerabilities. The injection of such worms gives rise to Cross-Site Scripting (XSS) attacks on web applications [8-12]. Such vulnerabilities are present in web applications because of incorrectly validated user input. Furthermore, extenuating all possible JS worm injections is infeasible due to the size and intricacy of modern web applications and the various ways that browsers call upon their JS engines. Initially, when XSS was exploited due to the injection of JS worms, it was classified in 2 categories: stored XSS and non-persistent XSS. Later on, a third category of XSS, i.e., DOM-based XSS, was defined in 2005. Figure 1 shows the statistics of 2016 by white hat [13] that this attack is a noteworthy concern on each platform of different languages exploited by contemporary platforms of the web.

  • Defending the OSN-Based Web Applications from XSS Attacks Using Dynamic Javascript Code and Content Isolation
    Quality IT and Business Operations, 2018
    Co-Authors: Pooja Chaudhary, B. B. Gupta, Shashank Gupta
    Abstract:

    Online social networks (OSNs) are continuously suffering from the plague of cross-site scripting (XSS) vulnerabilities. This article presents a contemporary XSS defensive framework for the OSN-based web applications that is completely based on the context type qualifier. The proposed framework executes in two key phases: Context-Aware Sanitization Generator (CASG) and Context-Aware Dynamic Parsing (CADP). The former phase performs the static analysis of HTML document to determine the context of the untrusted Javascript Code. In addition to this, it also injects the context-sensitive sanitizers in the location of the untrusted Javascript Code. The later phase performs the dynamic parsing of HTML document generated by the first phase. The main objective of this phase is to determine the context of the untrusted malicious script Code that is statically ambiguous to identify in the first phase. It also performs the sanitization depending on the context identified. The testing and evaluation of proposed framework was done on a tested suite of real-world OSN-based web applications (e.g., HumHub and Elgg). The experimental results revealed that the proposed framework is capable of implementing auto-context aware sanitization on the untrusted Javascript malicious Code with less number of false positives and false negatives. Evaluation outcomes also revealed that the technique has accomplished the untrusted malicious Javascript Code isolation in the HTML document generated by OSN-based web applications for mitigating the effect of XSS worms with less dynamic runtime overhead.

  • SFC: A Three Layer Smart Phone-Fog-Cloud Framework for Defending Against Javascript Code Injection Vulnerabilities on OSN
    2018 8th International Conference on Cloud Computing Data Science & Engineering (Confluence), 2018
    Co-Authors: Shashank Gupta, B. B. Gupta
    Abstract:

    This article introduced a Fog centric model in the proximity of smart phone devices and virtual Cloud Data Centers (CDC) that senses and avoids an execution of Javascript Code injection vulnerabilities on Online Social Network (OSN). Such offline CDC statically computes the features of clustered-sanitized compressed patterns of Javascript attack vectors embedded in the HTTP response messages and inject them on the online edge servers of Fog Computing network. The online edge web server dynamically re-computes the features of Javascript Code and compares these features with the statically calculated features in offline mode. Any discrepancy observed in these features will alarm the signal of injection of malicious script Code on the edge server. The prototype of our Fog centric framework was developed in Java and installed on the offline virtual machines of Cloud platforms and online edge servers of Fog computing architecture. The online evaluation results exposed that the Javascript attack vectors sensing rate of our work is high with tolerable rate of False Negatives (FNs), False Positives (FPs) and lesser overall performance overhead during the peak congestion of generation of sanitized HTTP response on the fog nodes.

  • js san defense mechanism for html5 based web applications against Javascript Code injection vulnerabilities
    Security and Communication Networks, 2016
    Co-Authors: Shashank Gupta, Brij B. Gupta
    Abstract:

    This paper presents an injection and clustering-based sanitization framework, i.e. JS-SAN (Javascript SANitizer) for the mitigation of JS Code injection vulnerabilities. It generates an attack vector template by performing the clustering on the extracted JS attack vector payloads corresponding to their level of similarity. As a result, it then sanitizes the extracted JS attack vector template by an automated technique of placement of sanitizers in the source Code of generated templates of web applications. We have also performed the deepest possible crawling of web pages for finding the possible user-injection points and injected the latest HTML5-based XSS attack vectors for testing the mitigation capability of our framework. The implementation of our design was done on the browser-side Javascript library and tested as an extension on the Google Chrome. The attack mitigation capability of JS-SAN was evaluated by incorporating the support from a tested suite of open source web applications that are vulnerable to JS Code injection vulnerabilities. The proposed framework validates its novelty by producing a less rate of false negatives and tolerable runtime overhead as compared to existing sanitization-based approaches.

  • Automated Discovery of Javascript Code Injection Attacks in PHP Web Applications
    Procedia Computer Science, 2016
    Co-Authors: Shashank Gupta, Brij B. Gupta
    Abstract:

    This paper discussed some of the performance issues in the existing defensive solutions of Java Script injection attacks (e.g. Cross-Site Scripting (XSS) attacks). Moreover, a high level of comparison for such existing solutions has been done based on some useful metrics. Based on the identified performance issues, this paper proposed an automated detection system, which scans the numerous possible locations of web sites for Javascript injection vulnerabilities. Our detection system, firstly, scans the web site for discovering the injection locations. Secondly, it injects the malicious XSS attack vectors in such injection points. Lastly, it takes an input as the list of different XSS attacks exploited in the second step and scan for these attacks in the vulnerable web application. Detection capability of our automated system is evaluated on a real world PHP web application i.e. BlogIt and results obtained are very promising.

Karthik Pattabiraman - One of the best experts on this subject based on the ideXlab platform.

  • dompletion dom aware Javascript Code completion
    Automated Software Engineering, 2014
    Co-Authors: Kartik Bajaj, Karthik Pattabiraman, Ali Mesbah
    Abstract:

    Javascript is a scripting language that plays a prominent role in modern web applications. It is dynamic in nature and interacts heavily with the Document Object Model (DOM) at runtime. These characteristics make providing Code completion support to JavaScript programmers particularly challenging. We propose an automated technique that reasons about existing DOM structures, dynamically analyzes the Javascript Code, and provides Code completion suggestions for Javascript Code that interacts with the DOM through its APIs. Our automated Code completion scheme is implemented in an open source tool called DOMPLETION. The results of our empirical evaluation indicate that (1) DOM structures exhibit patterns, which can be extracted and reasoned about in the context of Code completion suggestions; (2) DOMPLETION can provide Code completion suggestions with a recall of 89%, precision of 90%, and an average time of 2.8 seconds.

  • understanding Javascript event based interactions
    International Conference on Software Engineering, 2014
    Co-Authors: Saba Alimadadi, Sheldon Sequeira, Ali Mesbah, Karthik Pattabiraman
    Abstract:

    Web applications have become one of the fastest growing types of software systems today. Despite their popularity, understanding the behaviour of modern web applications is still a challenging endeavour for developers during development and maintenance tasks. The challenges mainly stem from the dynamic, event-driven, and asynchronous nature of the Javascript language. We propose a generic technique for capturing low-level event-based interactions in a web application and mapping those to a higher-level behavioural model. This model is then transformed into an interactive visualization, representing episodes of triggered causal and temporal events, related Javascript Code executions, and their impact on the dynamic DOM state. Our approach, implemented in a tool called Clematis, allows developers to easily understand the complex dynamic behaviour of their application at three different semantic levels of granularity. The results of our industrial controlled experiment show that Clematis is capable of improving the task accuracy by 61%, while reducing the task completion time by 47%.

  • Javascript errors in the wild an empirical study
    International Symposium on Software Reliability Engineering, 2011
    Co-Authors: Frolin S Ocariza, Karthik Pattabiraman, Benjamin G Zorn
    Abstract:

    Client-side Javascript is being widely used in popular web applications to improve functionality, increase responsiveness, and decrease load times. However, it is challenging to build reliable applications using Javascript. This paper presents an empirical characterization of the error messages printed by Javascript Code in web applications, and attempts to understand their root causes. We find that Javascript errors occur in production web applications, and that the errors fall into a small number of categories. We further find that both non-deterministic and deterministic errors occur in the applications, and that the speed of testing plays an important role in exposing errors. Finally, we study the correlations among the static and dynamic properties of the application and the frequency of errors in it in order to understand the root causes of the errors.