Javascript String

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 9 Experts worldwide ranked by ideXlab platform

Sammie Bae - One of the best experts on this subject based on the ideXlab platform.

  • Javascript Strings
    JavaScript Data Structures and Algorithms, 2019
    Co-Authors: Sammie Bae
    Abstract:

    This chapter will focus on working with Strings, the Javascript String object, and the String object’s built-in functions. You will learn how to access, compare, decompose, and search Strings for commonly used real-life purposes. In addition, the chapter will explore String encoding, decoding, encryption, and decryption. By the end of this chapter, you will understand how to effectively work with Javascript Strings and have a fundamental understanding of String encoding and encryption.

Brij B. Gupta - One of the best experts on this subject based on the ideXlab platform.

  • XSS-immune: a Google chrome extension-based XSS defensive framework for contemporary platforms of web applications
    Security and Communication Networks, 2016
    Co-Authors: Shashank Gupta, Brij B. Gupta
    Abstract:

    In this paper, the authors analyzed and discussed the performance issues in the existing cross-site scripting (XSS) filters and, based on that, proposed a Javascript String comparison and context-aware sanitization-based framework, XSS-immune. It is a browser-resident framework that compares the set of scripts embedded in the hypertext transfer protocol request (HREQ) and hypertext transfer protocol response (HRES) for discovering any similar untrusted/malicious Javascript code. This similar code points towards the untrusted Javascript code that will be utilized by an attacker to exploit the vulnerabilities of XSS worms. In addition, our technique determines the context of such worms and performs the sanitization on them accordingly for alleviating the effect of such XSS worms from real-world web applications. We have also introduced a mechanism that can detect the injection of malicious parameter values by modifying the existing Javascript code, that is, partial script injections. The prototype of XSS-immune was developed in Java and installed as an extension on Google Chrome. In addition, we have verified the implementation of our design of prototype against five open-source XSS attack vector repositories, and very few XSS attack worms were able to evade our proposed design. Experimental evaluation and testing of XSS-immune were performed by adding support from the tested suite of real-world web applications. The performance evaluation results revealed that our framework is able to detect the XSS worms with acceptably low false positive and false negative rates in comparison with the performance of existing XSS filters. Experimental results also incurred acceptable runtime overhead because of minor alterations on the client-side browser and computationally fast execution of modules deployed in our browser-resident framework. Copyright © 2016 John Wiley & Sons, Ltd.

Shashank Gupta - One of the best experts on this subject based on the ideXlab platform.

  • XSS-immune: a Google chrome extension-based XSS defensive framework for contemporary platforms of web applications
    Security and Communication Networks, 2016
    Co-Authors: Shashank Gupta, Brij B. Gupta
    Abstract:

    In this paper, the authors analyzed and discussed the performance issues in the existing cross-site scripting (XSS) filters and, based on that, proposed a Javascript String comparison and context-aware sanitization-based framework, XSS-immune. It is a browser-resident framework that compares the set of scripts embedded in the hypertext transfer protocol request (HREQ) and hypertext transfer protocol response (HRES) for discovering any similar untrusted/malicious Javascript code. This similar code points towards the untrusted Javascript code that will be utilized by an attacker to exploit the vulnerabilities of XSS worms. In addition, our technique determines the context of such worms and performs the sanitization on them accordingly for alleviating the effect of such XSS worms from real-world web applications. We have also introduced a mechanism that can detect the injection of malicious parameter values by modifying the existing Javascript code, that is, partial script injections. The prototype of XSS-immune was developed in Java and installed as an extension on Google Chrome. In addition, we have verified the implementation of our design of prototype against five open-source XSS attack vector repositories, and very few XSS attack worms were able to evade our proposed design. Experimental evaluation and testing of XSS-immune were performed by adding support from the tested suite of real-world web applications. The performance evaluation results revealed that our framework is able to detect the XSS worms with acceptably low false positive and false negative rates in comparison with the performance of existing XSS filters. Experimental results also incurred acceptable runtime overhead because of minor alterations on the client-side browser and computationally fast execution of modules deployed in our browser-resident framework. Copyright © 2016 John Wiley & Sons, Ltd.

Engin Kirda - One of the best experts on this subject based on the ideXlab platform.

  • DIMVA - Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
    Detection of Intrusions and Malware and Vulnerability Assessment, 2009
    Co-Authors: Manuel Egele, Peter Wurzinger, Christopher Kruegel, Engin Kirda
    Abstract:

    Drive-by download attacks are among the most common methods for spreading malware today. These attacks typically exploit memory corruption vulnerabilities in web browsers and browser plug-ins to execute shellcode, and in consequence, gain control of a victim's computer. Compromised machines are then used to carry out various malicious activities, such as joining botnets, sending spam emails, or participating in distributed denial of service attacks. To counter drive-by downloads, we propose a technique that relies on x86 instruction emulation to identify Javascript String buffers that contain shellcode. Our detection is integrated into the browser, and performed before control is transferred to the shellcode, thus, effectively thwarting the attack. The solution maintains fair performance by avoiding unnecessary invocations of the emulator, while ensuring that every buffer with potential shellcode is checked. We have implemented a prototype of our system, and evaluated it over thousands of malicious and legitimate web sites. Our results demonstrate that the system performs accurate detection with no false positives.

Manuel Egele - One of the best experts on this subject based on the ideXlab platform.

  • DIMVA - Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
    Detection of Intrusions and Malware and Vulnerability Assessment, 2009
    Co-Authors: Manuel Egele, Peter Wurzinger, Christopher Kruegel, Engin Kirda
    Abstract:

    Drive-by download attacks are among the most common methods for spreading malware today. These attacks typically exploit memory corruption vulnerabilities in web browsers and browser plug-ins to execute shellcode, and in consequence, gain control of a victim's computer. Compromised machines are then used to carry out various malicious activities, such as joining botnets, sending spam emails, or participating in distributed denial of service attacks. To counter drive-by downloads, we propose a technique that relies on x86 instruction emulation to identify Javascript String buffers that contain shellcode. Our detection is integrated into the browser, and performed before control is transferred to the shellcode, thus, effectively thwarting the attack. The solution maintains fair performance by avoiding unnecessary invocations of the emulator, while ensuring that every buffer with potential shellcode is checked. We have implemented a prototype of our system, and evaluated it over thousands of malicious and legitimate web sites. Our results demonstrate that the system performs accurate detection with no false positives.