App security with JSFlow
Paper i proceeding, 2016

This abstract accompanies a demo of app security using JSFlow [7]. The interested reader is encouraged to try the JSFlow tool [8] and get a full account of the theory and practice behind JSFlow, as detailed in a journal article [9]. The web has transitioned from simple, static pages to full edged applications. When loading a web application, content and scripts may be downloaded from various sources: the 1st party (the application provider), 3rd parties (e.g., library or service providers), as well other users (indirectly, via user generated content). The situation, where either of these sources is untrustworthy or malicious, may lead to attacker controlled code being executed on users' machines. This is particularly problematic, since attacker controlled code allows for complete circumvention of traditional protection mechanisms, and puts the users in the situation, where they cannot trust applications with sensitive information without endangering the con dentiality of the information.

Författare

Daniel Hedin

Chalmers, Data- och informationsteknik, Programvaruteknik

IEEE/ACM International Conference on Mobile Software Engineering and Systems, MobileSoft 2016; Austin; United States; 16 May 2016 through 17 May 2016

289-290

Ämneskategorier

Datorteknik

DOI

10.1145/2897073.2897714

ISBN

978-145034178-3