Thursday, April 8, 2010

Hacking Web 2.0 JavaScript

Hacking Web 2.0 JavaScript - Reverse Engineering, Discovery and Revelations

Traditionally, a large number of applications ran without the involvement of global networks such as the Internet. Now that the Web 2.0 era is emerging rapidly and is here to stay, these applications increasingly depend on the Internet as their foundation platform. As the application domain grows worldwide, the variety of web content also grows and goes beyond traditional HTML. The enhancements to HTML pages, as viewed by a client, are introduced by technologies such as JavaScript, Flash and Silverlight. Since these applications are growing widely and becoming crucial, the intention here is to shed light on methods of looking for security loopholes such as XSS (Cross-Site Scripting) in JavaScript, specific to Web 2.0 implementations that consume information from untrusted sources. The methods described cover both static and dynamic analysis. The tools employed in this paper are:

– Static Code Analysis of JavaScript by AppCodeScan ( http://
– Dynamic Debugging and Analysis using Firebug with DOM context
