Shared Website Code Security
Friday, August 13, 2010 - Janice Karin
Researchers at the University of California at Berkeley in Berkeley, California, and Microsoft Corporation in Redmond, Washington, have developed a new security system for monitoring and controlling the shared code on websites. Their new application would identify external shared code and permit web application developers to determine precisely what such code could and could not do to their sites and underlying data.

Some of the options provided by Conscript include the ability to turn off dynamically executed code after a specific point in page loading, restricting the use of time-based callback methods, restricting XMLHttpRequest calls to trusted secure connections, disabling JavaScript access to the private data often stored in cookies, and the use of whitelists to enable or disable executable code from specific sources. For example, a website could explicitly disable all executable code from every source except specific partner sites like Google Maps or Amazon, or disallow all server-side calls from any client-side JavaScript code by blocking use of XMLHttpRequest. Conscript can also be used to blacklist specific calls or domains and to log intrusion attempts made against any blocked functions or by blocked domains.

Developers can manually select their preferred level of restrictions for each of the seventeen options, but Conscript also supports automated default selections imposed by their IDE or other common development tools. These policies would be developed once, then integrated into the project template used for all future development, much like other organizational coding practices and standards are today.

TFOT has previously reported on other debugging and security software including self-repairing software capable of locating and fixing a variety of bugs within minutes of their discovery, the security features of the Firefox 3 browser, and the security features of Google Chrome including some JavaScript-specific security features. Read more about Conscript and its functionality in this PDF paper by its principal developers, Leo Meyerovich at UC Berkeley and Ben Livshits at Microsoft.
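
The whitelist, secure-connection and logging options described above, approximated in plain JavaScript as an added example; this is not Conscript's code or API. The policy object, the host names and the FakeXhr stand-in are assumptions made so the example runs under Node.

```javascript
// Constructed policy: origin and host names are placeholders, not from the article.
const policy = {
  pageOrigin: "https://www.example.com", // base for resolving relative URLs
  allowedHosts: new Set(["www.example.com", "maps.example.com"]),
};
const blockedLog = []; // denied calls, kept for later review

// Return the reason a URL violates the policy, or null if it is allowed.
function violation(url, policy) {
  let target;
  try {
    target = new URL(url, policy.pageOrigin);
  } catch {
    return "unparseable URL";
  }
  if (target.protocol !== "https:") return "not HTTPS";
  if (!policy.allowedHosts.has(target.hostname)) return "host not whitelisted";
  return null;
}

// Replace open() on an XMLHttpRequest-like constructor with a checked version.
function guardXhr(XhrCtor, policy, log) {
  const originalOpen = XhrCtor.prototype.open;
  XhrCtor.prototype.open = function (method, url, ...rest) {
    const reason = violation(String(url), policy);
    if (reason) {
      log.push({ api: "XMLHttpRequest.open", url: String(url), reason });
      throw new Error(`blocked by policy: ${reason}`);
    }
    return originalOpen.call(this, method, url, ...rest);
  };
}

// Stand-in for the browser's XMLHttpRequest so the example runs under Node.
class FakeXhr {
  open(method, url) { this.opened = `${method} ${url}`; }
}
guardXhr(FakeXhr, policy, blockedLog);

// Helper for the demo: returns what was opened, or the policy error message.
function tryOpen(url) {
  const xhr = new FakeXhr();
  try { xhr.open("GET", url); return xhr.opened; } catch (e) { return e.message; }
}

console.log(tryOpen("https://maps.example.com/tiles/1")); // allowed
console.log(tryOpen("http://maps.example.com/tiles/1"));  // blocked
console.log(tryOpen("https://ads.example.net/pixel"));    // blocked
console.log(blockedLog);
```

A wrapper installed by page script only constrains code that calls through the wrapped prototype, so it has to be in place before any third-party script loads.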
Nice article. As someone who has had a family member bullied and intimidated through Facebook in a work situation, then I think people need to take a real hard look at the potential implications of it, and its morals. Internet security is a particular strength of our business and the amount of companies who are not protected through their websites - in the UK - is frightening. Most companies are not even aware what internet security actually is or does and have never heard of terms like "penetration testing" and "brute forcing", in this context. People believe they are safe by putting captcha images on forms - they are not. There is no point in us taking a high ground attitude to this, simply to say that by simply checking your security you can do pretty much what you like on the net, without fear or intimidation.