"JavaScript Security" - Link- und Literaturverzeichnis
Dipl.-Inform. Carsten Eilers
"JavaScript Security" - Link- und Literaturverzeichnis
Kapitel 1: JavaScript in Angreiferhand
Kapitel 2: HTML5-Grafikfunktionen gefährden Sicherheit und Privatsphäre
- [1] Carsten Eilers: "Die dunkle Seite des neuen Webstandards"; PHP Magazin 3.2012
- [2] Carsten Eilers: "HTML5, aber sicher!"; PHP Magazin 4.2012
- [3] Paul Stone, Black Hat USA 2013: "Pixel Perfect Timing Attacks with HTML5"
- [4] W3C: "Timing control for script-based animations", W3C Candidate Recommendation 31 October 2013
- [5] W3C: "Web Style Sheets - CSS tips & tricks: Text shadows"
- [6] W3C: "Filter Effects Module Level 1"
- [7] W3C: "Scalable Vector Graphics (SVG) 1.1 (Second Edition)" - "15 Filter Effects"
- [8] Context Information Security: "WebGL - A New Dimension for Browser Exploitation"
- [9] Robert Kotcher, Yutong Pei, Pranjal Jumde, Collin Jackson; 20th ACM Conference on Computer and Communications Security:
"Cross-Origin Pixel Stealing: Timing Attacks Using CSS Filters"
(alternativ via archive.org als PDF)
- [10] Carsten Eilers: "Clickjacking-Angriffe verhindern - der aktuelle Stand der Dinge"
- [11] Keaton Mowery, Hovav Shacham: "Pixel Perfect: Fingerprinting Canvas in HTML5"
- [12] Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz: "The Web never forgets: Persistent tracking mechanisms in the wild"
- [13] Valentin Vasilyev: Valve/fingerprintjs
- [14] Valentin Vasilyev: "Anonymous Browser Fingerprinting"
- [15] Valentin Vasilyev: Valve/fingerprintjs / fingerprint.js
Kapitel 3: Neue Angriffe in JavaScript
Zurück