HTTP / Cross-platform software / Internet privacy / Web 2.0 / Cryptographic protocols / Cross-site scripting / HTTP cookie / Gmail / JavaScript / Computing / Software / Internet


The Emperor’s New APIs: On the (In)Secure Usage of New Client-side Primitives
Steve Hanna§, Eui Chul Richard Shin‡, Devdatta Akhawe§, Arman Boehm‡, Prateek Saxena§, Dawn Song§ {sch, ricshin, devdatta, boeh

Document Date: 2014-11-09 00:08:12



File Size: 257,59 KB


City

San Diego / /

Company

ABC / Netflix / Content Security Policy / Twitter / Google / TechCrunch / Facebook / Huffington Post / HTML5 / Yahoo! / extending CSP / /

/

Event

Product Issues / /

Facility

University of California / JavaScript library / /

IndustryTerm

prominent client-side protocols / cross-site / web applications / prominent web applications / web platform / Web browsers / unauthorized web / proxyFrame browser server / web community / web application / web browser / targetOrig proxyFrame browser browser server / prominent applications / web application logic / Web Browser Storage / client-side protocols / thirdparty site / important web application protocols / gadget protocol / network-style protocols / target applications / real-world applications / cryptographic solutions / systematic vulnerability finding tool / target site / cryptographic protocols / proxyFrame browser browser server / real-world client-side communication protocols / open wireless / web application providers / real-world web applications / test site / web attacker threat model / benign web sites / client-side communication protocols / web server / web email application / in-house secure protocols / Internet Explorer / /

Organization

National Science Foundation / University of California / Berkeley / Air Force office of Scientific Research / /

Person

Dawn Song / Collin Jackson / Adrienne Felt / Chris Grier / Jon Paek / Steve Hanna / Adrian Mettler / Richard Shin / Adam Barth / Arman Boehm / /

Position

second representative / Emperor / first reverse engineer / document editor / Major / representative / / /

Product

JavaScript / Google Friend Connect is a system / Facebook Connect is a system / XSS injection / Kudzu / Apple iPhone / Facebook Connect / data flows / Google Friend Connect / Google JavaScript / /

ProgrammingLanguage

K / HTML / SQL / XML / php / JavaScript / /

ProvinceOrState

California / /

Technology

Friend Connect protocols / XML / client-side communication protocols / PHP / JSON / client-side protocols / purely client-side communication protocols / API / Connect protocol / two protocols / two prominent client-side protocols / secret key / HTML / network-style protocols / purely client-side protocols / Ajax / important web application protocols / pdf / gadget protocol / DHTML / HTTP / in-house secure protocols / Friend Connect protocol / web server / /

URL

http /

SocialTag