As promised in my last blog post, we recently published a new whitepaper on the subject of client-side JavaScript vulnerabilities.
Below you can find a short excerpt from the whitepaper:
In the past 10 years, many whitepapers, research articles, and blogs have been published on the subject of server-side web application vulnerabilities such as SQL Injection, Cross-Site Scripting, and HTTP response splitting. In addition, several projects such as the WASC Web Hacking Incident Database or the WASC Statistics project have tried to estimate the incidence of such issues in the real world. On the other hand, there is a dearth of information and statistics on the incidence of client-side JavaScript vulnerabilities in web applications, even though these vulnerabilities are just as severe as their server-side counterparts. We suspect that the main reason for this lack of information is simply because client-side vulnerabilities are harder to locate, and require deep knowledge of JavaScript and the ability to perform code review for HTML pages and JavaScript files.
As Web 2.0, AJAX applications and rich internet applications (RIAs) become more common, client-side JavaScript vulnerabilities will probably become more relevant, and we foresee a rise in the amount of such issues being exploited by malicious hackers.
This whitepaper presents the results of research recently performed by the IBM Rational Application Security group into the prevalence of client-side JavaScript vulnerabilities. For this research, we used a new IBM technology called JavaScript Security Analyzer (JSA), which performs static taint analysis on JavaScript code collected from web pages extracted by an automated deep web crawl process. This kind of analysis is superior to and more accurate than regular static taint analysis of JavaScript code, because it includes the entire JavaScript codebase in its natural environment: fully rendered HTML pages and the browser's Document Object Model (DOM). The research used a sample group of approximately 675 websites, consisting of all the Fortune 500 companies and another 175 handpicked web sites, including IT and Web application security vendors and social networking sites.
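The point about analysing code "in its natural environment" is easy to miss, so here is an added illustration (my own toy code, not the whitepaper's and not IBM's JSA). It is a deliberately small source-to-sink taint check over JavaScript text: an external script on its own shows no flow from an attacker-controlled value to a DOM sink, while the same script together with the inline script that the rendered page carries does. The source and sink lists, the sample scripts and the unit names are all constructed for the example, and the statement matching is line-oriented rather than a real parser.

```javascript
// Added example, not the whitepaper's or IBM JSA's code: a toy taint check that
// shows why a rendered page (inline scripts + external files) reveals flows that
// a lone .js file hides. Lists below are constructed and far from complete.
const SOURCES = ['location.hash', 'location.search', 'location.href', 'document.URL', 'document.referrer'];
const PROPERTY_SINKS = ['innerHTML', 'outerHTML'];          // assignment targets that render HTML
const CALL_SINKS = ['document.write', 'eval', 'setTimeout']; // callees that interpret their argument

// Three statement shapes are understood: function definitions, assignments, calls.
const RE_FUNC = /^function\s+(\w+)\s*\(([^)]*)\)/;
const RE_ASSIGN = /^(?:var|let|const)?\s*([\w.$\[\]'"()]+?)\s*=\s*(.+)$/;
const RE_CALL = /^([\w.$]+)\s*\((.*)\)\s*$/;

// Split every unit into trimmed statements, remembering which unit each came from.
function splitStatements(units) {
  return units.flatMap(u =>
    u.code.split(/[;\n]/).map(t => ({ unit: u.name, text: t.trim() })).filter(s => s.text));
}

// An expression is tainted if it mentions a source or an already-tainted identifier.
function isTainted(expr, tainted) {
  if (SOURCES.some(src => expr.includes(src))) return true;
  return (expr.match(/[A-Za-z_$][\w$]*/g) || []).some(id => tainted.has(id));
}

// Propagate taint to a fixpoint (a call may taint a parameter whose use appeared
// earlier in the statement order) and report statements that reach a sink.
function analyze(units) {
  const stmts = splitStatements(units);
  const params = new Map();   // function name -> parameter names
  const tainted = new Set();  // identifiers known to carry source data
  let findings = [];
  for (let changed = true; changed;) {
    changed = false;
    findings = [];
    for (const s of stmts) {
      let m;
      if ((m = RE_FUNC.exec(s.text))) {
        params.set(m[1], m[2].split(',').map(p => p.trim()).filter(Boolean));
      } else if ((m = RE_ASSIGN.exec(s.text))) {
        const [, target, expr] = m;
        if (!isTainted(expr, tainted)) continue;
        if (PROPERTY_SINKS.some(p => target.endsWith('.' + p))) {
          findings.push({ unit: s.unit, statement: s.text, sink: target.slice(target.lastIndexOf('.') + 1) });
        } else if (/^[\w$]+$/.test(target) && !tainted.has(target)) {
          tainted.add(target);
          changed = true;
        }
      } else if ((m = RE_CALL.exec(s.text))) {
        const [, callee, argText] = m;
        const args = argText.split(',').map(a => a.trim()); // naive split, enough for the sample
        if (CALL_SINKS.includes(callee) && args.some(a => isTainted(a, tainted))) {
          findings.push({ unit: s.unit, statement: s.text, sink: callee });
        } else if (params.has(callee)) {
          params.get(callee).forEach((p, i) => {
            if (args[i] !== undefined && isTainted(args[i], tainted) && !tainted.has(p)) {
              tainted.add(p);
              changed = true;
            }
          });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: an external script that only defines a rendering helper...
const APP_JS = {
  name: 'app.js',
  code: `
    function render(msg) {
      document.getElementById('out').innerHTML = msg;
    }
  `,
};
// ...the inline script the rendered HTML page carries, which feeds it URL data...
const INLINE_SCRIPT = { name: 'index.html#inline', code: `render(location.hash.substring(1));` };
// ...and a hardened helper that writes text instead of HTML.
const FIXED_APP_JS = {
  name: 'app-fixed.js',
  code: `
    function render(msg) {
      document.getElementById('out').textContent = msg;
    }
  `,
};

function fileOnlyFindings() { return analyze([APP_JS]); }                    // []
function renderedPageFindings() { return analyze([APP_JS, INLINE_SCRIPT]); } // one innerHTML flow
function fixedPageFindings() { return analyze([FIXED_APP_JS, INLINE_SCRIPT]); } // []

if (typeof require !== 'undefined' && require.main === module) {
  console.log('app.js alone:', fileOnlyFindings().length, 'finding(s)');
  console.log('rendered page:', renderedPageFindings());
  console.log('rendered page with textContent:', fixedPageFindings().length, 'finding(s)');
}
```

Run it with `node` to see that `app.js` in isolation is clean, the rendered page reports the `innerHTML` assignment in `app.js`, and the `textContent` variant reports nothing: the flow only exists once the inline caller is in scope, which is exactly what a crawl of rendered pages supplies and a scan of static `.js` files does not.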
The whitepaper can be downloaded at the following address: Close Encounters of the Third Kind
* I would like to thank Amit Klein & Jeremiah Grossman for reviewing the whitepaper and sending me their feedback.
BTW – we have a problem with the blogging platform, and cannot accept any comments at this time