When Third-Party JavaScript Meets Cache: Explosively Amplifying Security Risks on the Internet
Author
Abstract

Web Caching Security 2022 - Today’s web applications feature the proliferation of third-party JavaScript inclusion, which incurs a range of security risks. Although attack strategies by manipulating third-party JavaScript files have been widely investigated, the adverse impact caused by third-party JavaScript inclusion and caching does not receive much attention. Specifically, when a malicious script is cached, it can revive and bite every time when a user visits any website that includes it, leading to a much worse effect of the attack. In this paper, we present the first comprehensive study on Alexa top one million websites to investigate how likely thirdparty JavaScript inclusion and caching can make an attack largescale and long-lasting, and further to uncover insecure practices that carelessly or inadvertently exacerbate the attack impact. We also discuss potential solutions to improve current practices to minimize the security risk associated with third-party JavaScript inclusion and caching.

Year of Publication
2022
Date Published
oct
Publisher
IEEE
Conference Location
Austin, TX, USA
ISBN Number
978-1-66546-255-6
URL
https://ieeexplore.ieee.org/document/9947247/
DOI
10.1109/CNS56114.2022.9947247
Google Scholar | BibTeX | DOI