Many security vulnerabilities in modern web applications see common occurrences on numerous real-world websites, as demonstrated by studies like the Open Web Application Security Project (OWASP), which measures the most common vulnerabilities and releases their Top Ten list every few years. Conclusions: The location of the mitigation impacts the application's security posture, with mitigations placed within the framework resulting in more secure applications. Results: We analyze the results to compare the number of vulnerable projects to the mitigation locations used in each framework and perform statistical analysis of confounding variables. Using automated and manual analysis of each group of applications, we identify the number of projects vulnerable to cross-site scripting, and the number of vulnerabilities in each project, based on the framework used. We perform an empirical study of JavaScript applications that use the three most common template engines: Jade/Pug, EJS, and Angular. Method: In this paper, we present four locations in an application, relative to the framework being used, where a mitigation can be applied. Aim: The goal of our study is to understand how the security features of a framework impact the security of the applications written using that framework.
Vulnerabilities like cross-site scripting introduce significant risks in web applications.
Background: JavaScript frameworks are widely used to create client-side and server-side parts of contemporary web applications.
0 kommentar(er)
