SP 800-28 Version 2. Guidelines on Active Content and Mobile Code

Authors:
Wayne Jansen;Theodore Winograd;Karen A. Scarfone
Affiliations:
National Institute of Standards and Technology;Booz Allen Hamilton;National Institute of Standards and Technology
Venue:
SP 800-28 Version 2. Guidelines on Active Content and Mobile Code
Year:
2008

Citing 13
Cited 1

Understanding Code Mobility

IEEE Transactions on Software Engineering
JRes: a resource accounting interface for Java

Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Mobile Code Security

IEEE Internet Computing
Secure Web Scripting

IEEE Internet Computing
Software Development on Internet Time

Computer
Embracing Change with Extreme Programming

Computer
Protecting Mobile Code in the Wild

IEEE Internet Computing
A Reference Architecture for Web Servers

WCRE '00 Proceedings of the Seventh Working Conference on Reverse Engineering (WCRE'00)
Botnets: Big and Bigger

IEEE Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Mobile Code Paradigms and Security Issues

IEEE Internet Computing
A Reference Architecture for Web Browsers

ICSM '05 Proceedings of the 21st IEEE International Conference on Software Maintenance
The ghost in the browser analysis of web-based malware

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets

SP 800-44 Version 2. Guidelines on Securing Public Web Servers

SP 800-44 Version 2. Guidelines on Securing Public Web Servers

Quantified Score

Hi-index	0.00

Visualization

Abstract

Active content technologies allow code, in the form of a script, macro, or other kind of portable instruction representation, to execute when the document is rendered. Like any technology, active content can be used to deliver essential services, but it can also become a source of vulnerability for exploitation by an attacker. The purpose of this document is to provide an overview of active content and mobile code technologies in use today and offer insights for making informed IT security decisions on their application and treatment. The discussion gives details about the threats, technology risks, and safeguards for end user systems, such as desktops and laptops. Although various end user applications, such as email clients, can involve active content, Web browsers remain the primary vehicle for delivery and are underscored in the discussion. The tenets presented for Web browsers apply equally well to other end user applications and can be inferred directly.