JavaScript and Security

by Davina V
This article is a bit interesting. First it gives an introduction to JavaScript and how most JavaScript related security problems relate to a breach of one of the two following restrictions: “First, all scripts run in a sandbox environment where they only have access to the web browser and not the system itself. Second, scripts are constrained by the same origin policy, where loaded in one document do not have access to data and scripts loaded in another document” (Meyer & Rabb, 2012). What is also interesting is that one of the main vulnerabilities in web applications is a document that loads scripts from many different sources this includes applications for necessary activities such as advertisement and analytics tracking. They are doing a case study on their own framework, HotSausage. HotSausage JavaScript Framework “aims to provide JavaScript programmers with a rich set of functionality that  is not provided by the standard library. The base HotSausage module contains general settings for the framework along with setup and structure for all the submodules it contains” (Meyer & Rabb, 2012).

This article was an interesting way to look at internet security and framework. The only thing is that they did it on their own framework. It feels more like advertising than a case study. It was interesting to expand on what I learned in class.

Source:

Meyer, C., & Rabb, M. (2012). Javascript: Bringing object-level security to the browser. IDEALS, Retrieved from http://hdl.handle.net/2142/29944