Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DIMVA
2007
2007
Protecting the Intranet Against "JavaScript Malware" and Related Attacks
The networking functionality of JavaScript is restricted by the Same Origin Policy (SOP). However, as the SOP applies on a document level, JavaScript still possesses certain functionality for cross domain communication. These capabilities can be employed by malicious JavaScript to gain access to intranet resources from the outside. In this paper we exemplify capabilities of such scripts. To protect intranet hosts against JavaScript based threats, we then propose three countermeasures: Element Level SOP, rerouting of cross-site requests, and restricting the local network. These approaches are discussed concerning their respective protection potential and disadvantages. Based on this analysis, the most promising approach, restricting the local network, is evaluated practically. We’re entering a time when XSS has become the new Buffer Overflow and JavaScript Malware is the new shellcode. Jeremiah Grossman [6]
Real-time Traffic| Added | 29 Oct 2010 |
| Updated | 29 Oct 2010 |
| Type | Conference |
| Year | 2007 |
| Where | DIMVA |
| Authors | Martin Johns, Justus Winter |
Comments (0)
Researcher Info
|
