SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4283332017> ?p ?o ?g. }

Showing items 1 to 91 of 91 with 100 items per page.

W4283332017 abstract "Despite the considerable amounts of resources invested into securing the Web, Cross-Site Scripting (XSS) is still widespread. This is especially true for Client-Side XSS as, unlike server-side application frameworks, Web browsers do not ship with standard protection routines, so-called sanitizers. Web developers, therefore, have to either resort to third-party libraries or write their own sanitizers to stop XSS in its tracks. Such custom sanitizer routines – dubbed hand sanitizers in the following – are notoriously difficult to implement securely. In this paper, we present a technique to automatically detect, extract, analyze, and validate JavaScript sanitizer functions using a combination of taint tracking and symbolic string analysis. While existing work evaluates server-side sanitizers using a small number of applications, we present the first large-scale study of client-side JavaScript sanitizers. Of the most popular 20,000 websites, our method detects 705 unique sanitizers across 1,415 domains, of which 12.5% are insecure. Of the vulnerable sanitizers, we were able to automatically generate circumventing exploits for 51.3% of them, highlighting the dangers of manual sanitization attempts. Interestingly, vulnerable sanitizers are present across the entire range of website rankings considered, and we find that most sanitizers are not generic enough to thwart XSS if used in just a slightly different context. Finally, we explore the origins of vulnerable sanitizers to motivate adopting a standardized sanitization API available directly in the browser." @default.
W4283332017 created "2022-06-24" @default.
W4283332017 creator A5002067855 @default.
W4283332017 creator A5016611640 @default.
W4283332017 creator A5027919996 @default.
W4283332017 creator A5067741827 @default.
W4283332017 creator A5087823285 @default.
W4283332017 date "2022-06-01" @default.
W4283332017 modified "2023-10-05" @default.
W4283332017 title "Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions" @default.
W4283332017 cites W1991074244 @default.
W4283332017 cites W2002447170 @default.
W4283332017 cites W200873936 @default.
W4283332017 cites W2038841294 @default.
W4283332017 cites W2049214202 @default.
W4283332017 cites W2093213895 @default.
W4283332017 cites W2111487235 @default.
W4283332017 cites W2138124253 @default.
W4283332017 cites W2147050153 @default.
W4283332017 cites W2151619740 @default.
W4283332017 cites W2169867894 @default.
W4283332017 cites W2169868363 @default.
W4283332017 cites W2510134782 @default.
W4283332017 cites W2512416592 @default.
W4283332017 cites W2535549398 @default.
W4283332017 cites W2743909715 @default.
W4283332017 cites W2790761820 @default.
W4283332017 cites W2901089484 @default.
W4283332017 cites W2962940036 @default.
W4283332017 cites W3007024382 @default.
W4283332017 cites W3046732376 @default.
W4283332017 cites W3142457714 @default.
W4283332017 cites W3164306598 @default.
W4283332017 doi "https://doi.org/10.1109/eurosp53844.2022.00023" @default.
W4283332017 hasPublicationYear "2022" @default.
W4283332017 type Work @default.
W4283332017 citedByCount "1" @default.
W4283332017 countsByYear W42833320172023 @default.
W4283332017 crossrefType "proceedings-article" @default.
W4283332017 hasAuthorship W4283332017A5002067855 @default.
W4283332017 hasAuthorship W4283332017A5016611640 @default.
W4283332017 hasAuthorship W4283332017A5027919996 @default.
W4283332017 hasAuthorship W4283332017A5067741827 @default.
W4283332017 hasAuthorship W4283332017A5087823285 @default.
W4283332017 hasConcept C111919701 @default.
W4283332017 hasConcept C118643609 @default.
W4283332017 hasConcept C136764020 @default.
W4283332017 hasConcept C151730666 @default.
W4283332017 hasConcept C202477664 @default.
W4283332017 hasConcept C2779343474 @default.
W4283332017 hasConcept C35578498 @default.
W4283332017 hasConcept C38652104 @default.
W4283332017 hasConcept C39569185 @default.
W4283332017 hasConcept C41008148 @default.
W4283332017 hasConcept C544833334 @default.
W4283332017 hasConcept C59241245 @default.
W4283332017 hasConcept C61423126 @default.
W4283332017 hasConcept C79373723 @default.
W4283332017 hasConcept C86803240 @default.
W4283332017 hasConceptScore W4283332017C111919701 @default.
W4283332017 hasConceptScore W4283332017C118643609 @default.
W4283332017 hasConceptScore W4283332017C136764020 @default.
W4283332017 hasConceptScore W4283332017C151730666 @default.
W4283332017 hasConceptScore W4283332017C202477664 @default.
W4283332017 hasConceptScore W4283332017C2779343474 @default.
W4283332017 hasConceptScore W4283332017C35578498 @default.
W4283332017 hasConceptScore W4283332017C38652104 @default.
W4283332017 hasConceptScore W4283332017C39569185 @default.
W4283332017 hasConceptScore W4283332017C41008148 @default.
W4283332017 hasConceptScore W4283332017C544833334 @default.
W4283332017 hasConceptScore W4283332017C59241245 @default.
W4283332017 hasConceptScore W4283332017C61423126 @default.
W4283332017 hasConceptScore W4283332017C79373723 @default.
W4283332017 hasConceptScore W4283332017C86803240 @default.
W4283332017 hasFunder F4320320879 @default.
W4283332017 hasLocation W42833320171 @default.
W4283332017 hasOpenAccess W4283332017 @default.
W4283332017 hasPrimaryLocation W42833320171 @default.
W4283332017 hasRelatedWork W1184927937 @default.
W4283332017 hasRelatedWork W2222574961 @default.
W4283332017 hasRelatedWork W2280791942 @default.
W4283332017 hasRelatedWork W2313055692 @default.
W4283332017 hasRelatedWork W2339828819 @default.
W4283332017 hasRelatedWork W2379130201 @default.
W4283332017 hasRelatedWork W2762905771 @default.
W4283332017 hasRelatedWork W3092270246 @default.
W4283332017 hasRelatedWork W3214378487 @default.
W4283332017 hasRelatedWork W4253023907 @default.
W4283332017 isParatext "false" @default.
W4283332017 isRetracted "false" @default.
W4283332017 workType "article" @default.