Code-Injection Attacks in Browsers Supporting Policies
Source: Foundation for Research and Technology - FORTH
Code-injection attacks can take place in a large variety of layers, from native code to databases and web applications. The latter case involves mainly client-side code injection in the browser environment, also known as Cross-Site Scripting (XSS). There are numerous ways to defeat XSS attacks, from static and taint analysis to policy enforcement in the web browser. This paper enlists new forms of XSS attacks that seek to bypass browser enforced policies. The attacks outlined in this paper resemble the classic return-to-libc attack in native code. The paper proposes a new form of code isolation, based on browser actions, in order to mitigate the problem.
| Format: | Size: | 98.20 | |
| Date: | Apr 2009 |
People who downloaded this item also downloaded
- A Framework for Detection and Measurement of Phishing Attacks
- Empowering Browser Security for Mobile Devices Using Smart CDNs
- Exploiting XML Dom for Restricted Access of Information
- Web Security: PHP Exploits and the SQL Injection Attack
- Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
