Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Dependency-based attacks on node.js

: Pfretzschner, B.; Othmane, L. ben


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society; IEEE Computer Society, Technical Committee on Security and Privacy:
IEEE Cybersecurity Development, SecDev 2016. Proceedings : 3-4 November 2016, Boston, Massachusetts
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-5090-5589-0
ISBN: 978-1-5090-5588-3
ISBN: 978-1-5090-5590-6 (Print)
Cybersecurity Development Conference (SecDev) <2016, Boston/Mass.>
Conference Paper
Fraunhofer SIT ()

Node.js heavily relies on shared variables. Their manipulation can cause service interruption, confidential data leakage, and service behavior change. Such attacks can be performed out of third-party libraries without detection by the service. Identification of such attacks requires analysis of both, application and libraries code.