Countless websites vulnerable through faulty JavaScript components

Researchers at Northeastern University in Boston investigated 133,000 web pages and found that 37 percent of them use at least one JavaScript library with a known vulnerability. The latest study builds on an investigation the researchers had already conducted in 2014, whose results showed potential security risks from loading old versions of JavaScript libraries such as jQuery and the AngularJS framework in the browser.

Under certain circumstances these faulty libraries can be exploited, for example to take advantage of a well-known cross-site scripting vulnerability in jQuery. Attackers are then able to inject scripts of their choice into a website. For their work, the researchers from Boston studied the 75,000 most visited sites worldwide according to Amazon's Alexa list as well as 75,000 further, randomly selected .com domains. They examined 72 different libraries, in several versions each. In total, 87 percent of the sites in the Alexa list and 46.5 percent of the randomly selected .com sites use one or more of these libraries.

The study found that 36.7 percent of the embedded jQuery scripts are vulnerable. The figures are significantly higher for the Angular framework (40.1 percent), Handlebars (86.6 percent) and YUI (87.3 percent). 9.7 percent of the surveyed sites use two or more vulnerable libraries.

“The disillusioning result of our study is probably the conclusion that the JavaScript library ecosystem is complex, unorganized and, as regards security, essentially works on an ad hoc basis,” the researchers write. They criticize that there are no reliable vulnerability databases and no security mailing lists operated by the providers of the libraries. In addition, release notes hardly ever contain details about security considerations, and it is often very difficult for users to find out which version is actually affected by a particular vulnerability mentioned there.

In addition, the majority of the sites use completely outdated versions: the median lag between the oldest and the most recent version on a site was over three years.

In their study the researchers also traced the reasons for the disastrous situation: only a small fraction of the surveyed sites (up to 2.8 percent) could eliminate all known vulnerabilities by applying the available patch-level updates. Almost all of the remaining websites would, however, have to update at least one library across a major version jump, which usually brings compatibility problems and requires additional code changes.
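The distinction the study draws between patch-level updates and version jumps is something a site owner can check for themselves. The following is an added example, not code from the article or from the Northeastern study: it extracts library names and versions from script URLs of common CDN shapes, compares each against a table of newest known versions, and reports whether the site could be brought up to date with patch-level updates alone. The `NEWEST_KNOWN` table, the URL patterns recognised, and the sample URLs are all constructed assumptions for illustration, not data from the study.

```javascript
// Added example (not from the article or the study): inventory third-party
// JavaScript libraries referenced by a page and classify the update each
// one needs. Versions in NEWEST_KNOWN are assumed values a defender would
// maintain; they are not claims about current releases.
const NEWEST_KNOWN = {
  jquery: "3.6.0",
  angular: "1.8.3",
  handlebars: "4.7.7",
  yui: "3.18.1",
};

// Matches URL shapes such as .../jquery-1.8.3.min.js, .../jquery/1.8.3/jquery.js,
// .../angular.js/1.2.0/angular.min.js or .../handlebars.js/4.7.6/handlebars.js
const LIB_PATTERN = /(jquery|angular|handlebars|yui)(?:\.js)?[\/-](\d+\.\d+\.\d+)/i;

function parseVersion(v) {
  return v.split(".").map(Number);
}

// Returns -1, 0 or 1 comparing two "major.minor.patch" strings.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns "current", "patch", "minor" or "major": the kind of version jump
// needed to move from the installed version to the newest known release.
function classifyUpdate(installed, newest) {
  if (compareVersions(installed, newest) >= 0) return "current";
  const [ia, ib] = [parseVersion(installed), parseVersion(newest)];
  if (ia[0] !== ib[0]) return "major";
  if (ia[1] !== ib[1]) return "minor";
  return "patch";
}

// Takes script URLs (e.g. collected from document.scripts in a browser or by
// a crawler) and returns one record per recognised library.
function inventoryScripts(urls) {
  const found = [];
  for (const url of urls) {
    const m = LIB_PATTERN.exec(url);
    if (!m) continue;                  // not a library URL shape we recognise
    const name = m[1].toLowerCase();
    const version = m[2];
    const newest = NEWEST_KNOWN[name];
    found.push({
      name,
      version,
      url,
      update: newest ? classifyUpdate(version, newest) : "unknown",
    });
  }
  return found;
}

// The study's framing: can every library on the site be brought up to date
// with patch-level updates only, i.e. without a minor or major version jump?
function patchOnlyFixable(inventory) {
  return inventory.length > 0 &&
    inventory.every((r) => r.update === "current" || r.update === "patch");
}

// Constructed sample input: script URLs such as a crawler might collect.
const SAMPLE_URLS = [
  "https://cdn.example/jquery-1.8.3.min.js",
  "https://cdn.example/angular.js/1.2.0/angular.min.js",
  "https://cdn.example/handlebars.js/4.7.6/handlebars.min.js",
  "https://cdn.example/app/site.js",
];

if (typeof require !== "undefined" && require.main === module) {
  const inv = inventoryScripts(SAMPLE_URLS);
  console.table(inv);
  console.log("fixable with patch-level updates only:", patchOnlyFixable(inv));
}
```

In a browser the same functions can be fed `Array.from(document.scripts, (s) => s.src)`; the URL-pattern approach is deliberately simple and will miss bundled or renamed libraries, which is one reason the study's authors note that determining the affected version is often difficult.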

