Abstract
The evolving nature of web applications and the languages they are written in continually present new challenges and new research opportunities. For example, web sites that present trusted and untrusted code to web users aim to provide isolation and secure mediation across a defined interface. Older versions of JavaScript make it difficult for one section of code to provide limited access to another, while improvements in standardized ECMAScript bring the problem closer to traditional language-based encapsulation. As a result, rigorous language semantics and acceptable limitations on the language constructs used in trusted code make provable solutions possible.
We have developed sound program analysis tools for specific versions of ECMAScript 5, providing security guarantees against threats from untrusted code in a larger language. However, many security problems remain and there are many ways that future language tools may improve web security and developer productivity.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mitchell, J.C. (2011). Program Analysis for Web Security. In: Yahav, E. (eds) Static Analysis. SAS 2011. Lecture Notes in Computer Science, vol 6887. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23702-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-23702-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23701-0
Online ISBN: 978-3-642-23702-7
eBook Packages: Computer ScienceComputer Science (R0)