While conducting a security analysis of JavaScript and VBScript, the most popular scripting languages on the Web, we found some serious flaws. Motivated by this outcome, we propose steps towards a sound definition and design of a security framework for scripting languages on the Web. We show that if such a security framework had been integrated into the respective scripting languages from the very beginning, the probability of preventing the multiple security flaws that we and other research groups identified would have been greatly increased.