JavaScript coding errors will cause network disasters
March 26: According to malware researchers, JavaScript coding errors by web developers, combined with their use of new programming technologies, pose a serious threat to many websites and to the users who visit them.
According to the InfoWorld website, Billy Hoffman, lead research engineer at software company SPI Dynamics, said in a speech at the ShmooCon hacking conference on March 24 that the SPI penetration tool used by enterprises has caused some security problems in online websites and applications.
He said the threats center on JavaScript errors and the insecure use of web service programming technologies such as AJAX in many popular websites and applications.
In addition to the vulnerabilities exposed in web applications, Hoffman also described how hackers use JavaScript and AJAX-based tools to find new security vulnerabilities on the network and carry out cross-site scripting attacks.
Hoffman said that over the past two years, we have seen many bad things done with JavaScript, including cookie theft, keystroke logging, screen capturing, and various phishing attacks. Currently, JavaScript is also used for port scanning, for building self-propagating malware, and for stealing browser history data.
The researcher said many well-known websites have JavaScript security vulnerabilities. He demonstrated how content on a news website's pages can be forged, using proof-of-concept code based on a JavaScript security vulnerability on the CNN.com website.
Hoffman said the issue was reported on a security forum a few months ago and CNN was notified. However, the vulnerability has not yet been fixed.
Malicious code writers are using this technique to create cross-site scripting threats that mislead consumers into providing their passwords, allowing hackers to access these users' personal information.
Hoffman said people should understand the severity of these problems. If software developers ignore these problems, they will cause a disaster. We need to try to change the software development and security industry so that they can understand the potential dangers of these errors.