You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Programming Languages

Programming Languages White Papers

Using Static Analysis for Ajax Intrusion Detection

Tags:
programming languages

Overview This paper presents a static control-flow analysis for JavaScript programs running in a web browser. The analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. The paper uses the analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. The paper inserts random asynchronous requests to foil mimicry attacks. Finally, the paper evaluates the technique against several real applications and show that it protects against an attack in a widely-used web application.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	April 2009
Format	White Papers
Topics	Programming Languages, Network Security, Intrusion Detection Systems

Did you find this white paper useful? 1 out of 2 users found this white paper useful

Citizants: Bringing IT In-House

Citizant enhances IT flexibility and scalability by creating a virtualized Dell infrastructure that will pay for itself in 18 months.

Publisher:
Dell EqualLogic

Tags:
application servers

Designing High Availability for Internet Information Services

End downtime forever! - Organizations today are relying more and more on Web services for the implementation of mission-critical applications. With the advent of Service-Oriented Architectures (SOAs),which make extensive use...

Publisher:
CA XOsoft

Tags:
servers

Five JavaScript Frameworks: A Point-by-Point Comparison

There are a multitude of JavaScript frameworks available today for programming rich client-side interactions in web applications. With many such different options, it is important to choose a framework that...

Publisher:
Harbinger Systems

Tags:
java

Increase Reliability with IBM WebSphere File Transfer Edition (FTE)

"Does your organization still use FTP software? Did you know these links require 3 to 4 times more time and effort to build and maintain versus SOA-based Application Integration projects?...

Publisher:
IBM

Tags:
application servers

Energy Monitoring Firm Saves Money, Scales Business With Hosted Computing Platform

Advanced Telemetry develops systems to help businesses monitor and control energy usage, onsite or via the Internet. The company employees 22 people. Advanced Telemetry needed a cost-effective way to scale...

Publisher:
Microsoft

Tags:
programming languages

Bug leaves Windows open to Java attack

The three warnings involve the Microsoft Virtual Machine for running Java applets on Windows; a cross-site scripting bug in a component of Windows 2000 and Windows NT 4.0; and a denial-of-service bug affecting Proxy Server 2.0 and ISA Server.

Cisco battles Juniper with worms

While this software agent protects the desktop itself, it does nothing to prevent worms and viruses from entering the corporate network. In early 2003, it acquired Okena, a small maker of intrusion prevention software for desktops, in a deal valued...

Channel:
Security Strategy

Oracle warns customers of "highly critical" flaw

Since attacks can be specially crafted for Oracle Applications and an attack may only be a single [HTTP request], successful attacks can be easily designed that will evade most intrusion detection and prevention systems," Integrigy said in its...

Channel:
Malware

Gartner: Don't believe the tech security myths

Internet reliability might not be perfect but it is good enough for most purposes, Gartner said, citing research showing 89 per cent of organisations that have switched from frame relay or ATM (asynchronous transfer mode) to IP links were...

Channel:
Security Strategy
Tags:
gartner

Gartner: Don't let security slip over Oracle apps

Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies. Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact.

Attackers 'making hay with Windows flaw'

Windows users can protect themselves by following the guidance Microsoft gives in its advisory, switching to a non-Microsoft web browser, or installing security software such as Exploit Prevention Labs' SocketShield.

Featured White Papers

The Value of Location Intelligence in the Communications Industry

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities and government departments make more informed decisions and derive greater value from current location-based information and data. Read this whitepaper to see how you can take advantage of location intelligence.

Publisher:
Pitney Bowes

Best Practices for Translating Customer Satisfaction into Revenue

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language. How do you quantify customer satisfaction? Download the Best Practices for Benchmarking Customer Satisfaction to get industry research the Association of Support Professionals (ASP) on how to measure and leverage customer satisfaction.

Publisher:
Citrix Online

HP print solutions and 3M

the objective for 3M was to optimize office printing infrastructure at 3Mlocations worldwide Reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print soultions, More than $3 million in savings in first two years and Per page costs reduced by up to 90 percent.