Abstract
With the improvement of W3C standards and the steadily improving browser
environment, Web applications have become the prevailing form of web development.
With the mobile Internet boom, "hybrid" application (Hybrid Application)
development has brought Web applications into the field of mobile application
development. Web applications are now everywhere on the Internet. However, the
security of Web applications is an area that has received less attention, and the
lack of utility libraries for Web application security issues also makes it difficult
for developers to detect and prevent security risks during development.
By studying the current state of Web application security issues, this article
analyzes several common security issues in detail and proposes a new solution
for each problem. The second chapter analyzes issues related to JavaScript
hijacking and proposes a "detection method" for the development and use phases;
the third chapter analyzes issues related to XSS attacks and proposes using an
Observer to monitor the static DOM and rewriting the dynamic tag creation methods;
the fourth chapter analyzes issues related to user tracking and proposes a
preventive measure combining EverCookie and Canvas fingerprinting. The innovation
of this paper is that it puts forward a new solution for each of three common Web
application security issues. In contrast to earlier solutions, the solutions in this
article are active rather than passive. In addition, a JavaScript library named
Ace.js has been built from the solutions in this article and is already open source
on GitHub.
Web applications are not only a hot topic in modern Web technology development but
also an approach to future application development. The problems and methods
discussed in this article have important guiding significance for current Web
application development, and the Ace.js library will be of important value to
current Web application development.
Key Words: Web Application, Web Security, JavaScript Hijacking, XSS, Customer
location