Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
XCS: cross channel scripting and its impact on web applications
Proceedings of the 16th ACM conference on Computer and communications security
Regular expressions considered harmful in client-side XSS filters
Proceedings of the 19th international conference on World wide web
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
Toward secure embedded web interfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
Towards fully automatic placement of security sanitizers and declassifiers
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
WEBLOG: a declarative language for secure web development
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Automatic mediation of privacy-sensitive resource access in smartphone applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Hi-index | 0.01 |
Scripting vulnerabilities, such as cross-site scripting (XSS), plague web applications today. Most research on defense techniques has focused on securing existing legacy applications written in general-purpose languages, such as Java and PHP. However, recent and emerging applications have widely adopted web templating frameworks that have received little attention in research. Web templating frameworks offer an ideal opportunity to ensure safety against scripting attacks by secure construction, but most of today's frameworks fall short of achieving this goal. We propose a novel and principled type-qualifier based mechanism that can be bolted onto existing web templating frameworks. Our solution permits rich expressiveness in the templating language while achieving backwards compatibility, performance and formal security through a context-sensitive auto-sanitization (CSAS) engine. To demonstrate its practicality, we implement our mechanism in Google Closure Templates, a commercially used open-source templating framework that is used in GMail, Google Docs and other applications. Our approach is fast, precise and retrofits to existing commercially deployed template code without requiring any changes or annotations.