Importance of JavaScript {1}

by Michael M
The article I read was interesting I was wondering why javascript was important for a webpage because why would you want to use java when you can use other stuff. But after reading the article it makes sense. When you look at a web page you usually judge a web site really quickly. Does it look professional or not. Is the page cluddered with links or are there things that stick out and grab your attention to the page. When you use Javascript you are pulling the visitors attention to your site because it looks professional and you are able to even plave slideshows on the page. It also doesnt need a server to validate information it can check required fields and give error messgaes if needed. The good thing about JavaScript is it can be placed in script files so it cant be ranked. If it was ranked with the code it lowers the ranking and since it can be placed in a folder it can be ranked higher then other sites. So Javascript is really benifical for someone that is a web developer and wants to have higher ratings and look professional. read more...

Malware in JavaScript? {3}

by Quoc L
In this age of mobile connectivity, hacker and exploiter is always looking for new technique in hide their malicious programs. ESET senior researcher have found a new malware exploit using JavaScript. These malware are hidden within the JavaScript OnMouseMove Event code. When  guest visit the compromised site and used their mouse, the malware will instantly active. The malware  avoid detection from security web crawler by reminding deactivate whenever there no mouse movement. Another technique that hacker use it by place snippet of code within a applet, which will later decode the applet and install the malicious software into your computer. read more...

AJAX Web Attacks, Futility of Anti-Virus {1}

by Vincent S
AJAX is an acronym for Asynchronous Javascript and XML.  It is a technology meant to combine various other web development technologies such as HTML and CSS in order to give greater options to developers.  This week in class, we introduced the concepts of Javascript and AJAX and are implementing them in project 2.  For that reason, I decided to report on an article this week I found in PCWorld magazine warning of the dangers associated with AJAX websites.  Like with most technologies, hackers have found ways to inject AJAX with malicious code in order to exploit backdoor vulnerabilities.  In recent cases, security experts have discovered a server in China that injects normal websites that contain AJAX code with malicious javascript code.  The point in performing the attack in this manner is so the malicious code will be disguised with typical AJAX code found on any website containing AJAX.  In attempts to further hide the malicious code, the AJAX attack disrupts the workload of a host PC as it interacts with scripts in the website.  Malicious Code is segmented into pieces and is reassembled before being executed by the client. read more...

Learning javaScript through a game {6}

by Daniel M
The article that i read was about a program called code hero. Basically code hero is a first person shooter style game that teaches you to code in Javascript, C#, and Python while you play it. In the game you run around with a gun that lets you copy and paste snippets of code in order to create and change the world around you. The game also allows gives you quests that you have to complete in order to complete the stages which are really just programs that you complete. The game seems to touch on all of the basics and even some more advanced stuff. The author of the article talks about how half of the time he didn’t even realize he was learning. The author talks about how he tried to pour over books and learn to code but it never worked until he tried this game. There is a video on the website that explains the game more in depth and what they are all about ( read more...

JavaScript make it easy {Comments Off on JavaScript make it easy}

by David H
The article that I read this week is about how JavaScript contributes efficiently to web. When we want to create a sophisticated user intranet pages, we can choose some of software to use for it. We can choose Macromedia, Shockwave, or other approach like one of scripting language such as Python. However, in the article the author mentions that if we use Shockwave it will occupy the overhead and resource. I think that is not a good choice to use it. In addition, Shockwave requires approximate 100 K bytes for presentation. Therefore, it was very hard to create form and validate for input on the simple Web pages. When JavaScript came out, it improves the web a lot.  JavaScript is script language. It can interpret at run time, therefore it makes it easy to test and create the program.  In addition, JavaScript was very secure for the web too. For example, “we can’t perform any kind of operation with local files so program can’t modify or access to users.” This shows that JavaScript implicitly compromise security. read more...

Difference Between Java and JavaScript {4}

by Jamal A
The article I read talks about the difference between Java and JavaScript.  They are essentially similar but somewhat different depending on how you look at them. According to the article, Java is an Object Oriented Programming (OOP) Language created by James Gosling of Sun Microsystems. However, JavaScript is a scripting language known as LiveScript. JavaScript contains a much smaller and simpler set of commands than Java does. It is easier for the average person to understand and much simpler for any individual to work with. The main difference between Java and JavaScript is that Java can stand on its own while JavaScript must be placed inside an HTML document to function. A Java is a fully contained program. It is a much larger and more complicated language that creates applications. However, JavaScript is text based. You write it to an HTML document and it is run through a browser. You can alter it after it runs and run it again and again. read more...

Protection againts Cross Site Scripting (XSS) {1}

by Antonio M
The authors of this article wrote about how to protect JavaScript code against
cross site scripting(XSS). XSS is considered to be one of the biggest weaknesses in
web-based programs. XSS usually done by entering JavaScript Code into HTML
contents,like for example an input text box or comment box on a web page. Once this
JavaScript code has been entered it can be possible for a hacker to access important
information that is available within the web site and transfer it to a third part
website. This is how phishing and “cross site request forgery” can happen. The authors
propose a server side approach in detecting JavaScript injections. How it works is when
they are writing JavaScript code they make sure to write comments before and after
the block of code in the JavaScript. Within these comment statements there will be a
certain identification number that will be kept on record. When ever a response page
is generated the server will check to make sure that each JavaScript code has that
certain identification number commented inside the block of code. When the identification
number can not be found with in the block of code, then that whole code is thrown out
because it will be considered to be injected and possibly harmful. read more...

Static Analysis for JavaScript Security {6}

by Daniel S
As discussed in class, JavaScript is a client-side scripting language for Web-application clients. The article presents ACTARUS, which is used for detecting security issues in JavaScript programs.  ACTARUS is a novel taint-analysis algorithm. The article also discusses different types of security vulnerabilities in today’s Web-applications, such as injection. Injection occurs when an attacked successfully sends untrusted data to an interpreter, causing the interpreter to execute unintended commands. Another seuriy vulnerability is cross-site scripting (XSS), which is where an attacker injects a malicious script into people’s web browsers, which will cause an execution of some sort. Document Object Model (or DOM)-based XSS is an exploit with JavaScript code. Lastly, the article discusses unvalidated redirects and forwards as an form of security breach. This exploit causes the user to be redirected to unintended Web sites, perform unauthorized AJAX requests, and connect to servers using ports or protocols. read more...

JavaScript Powa {3}

by Bernard T
The article I read,  which was published by Wired had to do with the power of JavaScript. It spoke about how Java was being taught to non technical employees of a company through a website called “Codecademy” in order to educate them about certain code languages, specifically JavaScript.  Codecademy does not just focus on JavaScript however it also offers training in Ruby and Python. These languages were not intended to be used by big companies to handle their back-end infrastructure, according to the article, but it seems to have found its way into the enterprise level. JavaScript was not intended for that but some in the industry seems to have adopted the language to do so. According to the web “back-end are terms used to characterize program interfaces and services relative to the initial user of these interfaces and services. (The “user” may be a human being or a program.)” Front-end, of course is the part of the application that users interact with directly. Numerous media and publishing companies have recently hired so many web programmers that they say that this is mainly the reason why these languages have found their way to the back-end. read more...

The Creation Of JavaScript {4}

by Jasmine C
The article I read about this week was about the establishment of JavaScript.  JavaScript was created in 1995, when Netscape hired a man by the name of Brendan Eich to create a programming language for a working prototype that would be able to run in Netscape’s browser.  Eich knew how to build new programming languages because when he went to the University of Illinois, he used to build languages just so that he could experiment with the syntax (Serverance, p. 7).  Netscape wanted a language that could match Java and could easily be rooted in webpages.  The limitations imposed on Eich was that he could not use the object-oriented syntax that Java used so JavaScript uses the basic syntax from C language. The article then goes on to talk about how there most likely will not be a JavaScript 2.0 because the JavaScript language had the basic requirements to endure the Web 2.0 revolution.  Now in the modern era with HTML5, it is highly possible that JavaScript will become the dominant programming language in both mobile and desktop applications. According to the article,  JavaScript is only really just beginning. read more...