Abstract
The networking functionality of JavaScript is restricted by the Same Origin Policy (SOP). However, as the SOP applies on a document level, JavaScript still possesses certain functionality for cross domain communication. These capabilities can be employed by malicious JavaScript to gain access to intranet resources from the outside. In this paper we exemplify capabilities of such scripts. To protect intranet hosts against JavaScript based threats, we then propose three countermeasures: Element Level SOP, rerouting of cross-site requests, and restricting the local network. These approaches are discussed concerning their respective protection potential and disadvantages. Based on this analysis, the most promising approach, restricting the local network, is evaluated practically. © Springer-Verlag Berlin Heidelberg 2007.
Cite
CITATION STYLE
Johns, M., & Winter, J. (2007). Protecting the intranet against “JavaScript malware” and related attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4579 LNCS, pp. 40–59). Springer Verlag. https://doi.org/10.1007/978-3-540-73614-1_3
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
