Detection of Code Injection Vulnerabilities in HTML5 Apps

Posted in #Mobile & Cloud on 9.08.2019

Frameworks based on JavaScript and HTML5 are often used to develop cross-platform mobile applications. Unfortunately, such applications bring not only the advantage of platform independence but also the vulnerabilities of browser applications, in particular the possibility of injecting potentially malicious code. This report presents a tool that detects and evaluates an application's use of Content Security Policy (CSP), a browser feature that can protect against code injection. It also shows how to determine whether an application that does not use CSP, or uses it in an insecure manner, is vulnerable to code injection via Apache Cordova plug-ins.

Downloads

| File | Description | File size |
| --- | --- | --- |
| pdf Project Report (DE) | Version 1.0 of 09.08.2019 (German only) | 229 KB |
| pdf Documentation (DE) | Version 1.0 of 09.08.2019 (German only) | 184 KB |
| zip CSP Evaluator | Version 1.0 of 09.08.2019 | 197 KB |
| zip Code Injection Detection Tool | Version 1.0 of 09.08.2019 | 409 KB |