App security with JSFlow
Paper in proceeding, 2016

This abstract accompanies a demo of app security using JSFlow [7]. The interested reader is encouraged to try the JSFlow tool [8] and get a full account of the theory and practice behind JSFlow, as detailed in a journal article [9]. The web has transitioned from simple, static pages to full edged applications. When loading a web application, content and scripts may be downloaded from various sources: the 1st party (the application provider), 3rd parties (e.g., library or service providers), as well other users (indirectly, via user generated content). The situation, where either of these sources is untrustworthy or malicious, may lead to attacker controlled code being executed on users' machines. This is particularly problematic, since attacker controlled code allows for complete circumvention of traditional protection mechanisms, and puts the users in the situation, where they cannot trust applications with sensitive information without endangering the con dentiality of the information.


Daniel Hedin

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

IEEE/ACM International Conference on Mobile Software Engineering and Systems, MobileSoft 2016; Austin; United States; 16 May 2016 through 17 May 2016

978-145034178-3 (ISBN)

Subject Categories

Computer Engineering





More information