The Relevance of Client-Side Web Security

Primer on Client-Side Web Security

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

Abstract

The Web has evolved from a static distributed hypertext system into a rich application platform, where the browser is capable of running highly dynamic client-side applications, which merely depend on backend server-side services for data storage. We observe a similar trend within the field of Web security, where more responsibilities are pushed towards the client side. Security mechanisms have evolved from default browser policies that are the same for all applications to server-driven security policies composed at the server side and enforced at the client side. This chapter briefly sketches the trends in the evolution of the Web and the parallels in the field of Web security. We introduce a social networking example scenario that will serve as a working example throughout this book. Finally, we provide a reader’s guide for the intended target audiences, which include students, teachers, trainers, researchers, developers, and security practitioners.

Author information

Corresponding author: Philippe De Ryck.

Copyright information

© 2014 Philippe De Ryck, Lieven Desmet, Frank Piessens, Martin Johns

About this chapter

Cite this chapter

De Ryck, P., Desmet, L., Piessens, F., Johns, M. (2014). The Relevance of Client-Side Web Security. In: Primer on Client-Side Web Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-12226-7_1

  • DOI: https://doi.org/10.1007/978-3-319-12226-7_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12225-0

  • Online ISBN: 978-3-319-12226-7
