Detection of Code Injection Vulnerabilities in HTML5 Apps
In order to develop mobile cross-platform applications, frameworks based on JavaScript and HTML5 are often used. Unfortunately, such applications do not only bring the advantage of platform independence, but also the vulnerabilities of browser applications, especially the ability to inject potentially malicious code. This report presents a tool that can detect and evaluate the use of Content Security Policy (CSP), a browser feature that can protect against code injection. It also shows how to determine whether an application that does not use CSP or uses it in an insecure manner is vulnerable to code injection via Apache Cordova plug-ins.
Downloads
| File | Description | File size |
|---|---|---|
CSP Evaluator
|
|
197 KB |
|
Code Injection Detection Tool
|
|
409 KB |