Visible to the public Biblio

Filters: Author is Peguero, Ksenia  [Clear All Filters]
Conference Paper
Peguero, Ksenia, Zhang, Nan, Cheng, Xiuzhen.  2018.  An Empirical Study of the Framework Impact on the Security of JavaScript Web Applications. Companion Proceedings of the The Web Conference 2018. :753–758.

\textbackslashtextbackslashtextitBackground: JavaScript frameworks are widely used to create client-side and server-side parts of contemporary web applications. Vulnerabilities like cross-site scripting introduce significant risks in web applications.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitAim: The goal of our study is to understand how the security features of a framework impact the security of the applications written using that framework.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitMethod: In this paper, we present four locations in an application, relative to the framework being used, where a mitigation can be applied. We perform an empirical study of JavaScript applications that use the three most common template engines: Jade/Pug, EJS, and Angular. Using automated and manual analysis of each group of applications, we identify the number of projects vulnerable to cross-site scripting, and the number of vulnerabilities in each project, based on the framework used.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitResults: We analyze the results to compare the number of vulnerable projects to the mitigation locations used in each framework and perform statistical analysis of confounding variables.\textbackslashtextbackslash\textbackslashtextbackslash \textbackslashtextbackslashtextitConclusions: The location of the mitigation impacts the application's security posture, with mitigations placed within the framework resulting in more secure applications.