Page 63 - Cyber Warnings August 2017

How secure is your Web Browser?


By Pedro Fortuna, CTO and Co-founder, Jscrambler

JavaScript is everywhere. Wherever you look, something has been created, at least in
part, using JavaScript. It runs on your smartphone, personal computer and even on your
server. It is easy to learn and use, helped by the wide availability of
easy-to-incorporate, open-source libraries like jQuery and React.js and frameworks such as
Backbone.js, Angular.js, and Ember.js. Companies use it to develop web applications
that deal with sensitive information.

Most importantly, JavaScript is very dynamic and versatile. Organisations will use it to
develop almost anything that is important to them. Since hackers target popular
languages and come up with innovative exploits every day, this leaves an interpreted
language such as JavaScript open to attack unless you take the proper defensive
measures.

Given the vast proliferation of JavaScript, more and more sensitive logic is developed
in JavaScript, and an increasing amount of data and intellectual property is being put on
the client side; people are becoming aware of, and rightly concerned about, this issue.
By focusing only on protecting the server, as companies have been doing until now,
they are leaving their front door open to attacks including user-experience tampering,
malware injection, data leakage, Man-in-the-Browser (MITB), and intellectual property
and code theft.

It is reckoned that nearly 1 billion Android handsets could be hacked by just one SMS.
We have also witnessed a proliferation of so-called rogue app stores, which have
become a serious concern for banks. Subtly altered versions of popular apps, often
available for free, are frequently appearing on smartphones. In some cases, these apps
allow thieves to steal mobile banking passwords or redirect text messages containing
passcodes.

Historically, code protection meant storing as much code on the server as possible. This
kept code safe from those meaning to do harm, and it also allowed the server to do the
heavy work with respect to performance. Storing code on the server still offers
the best protection, although with some disadvantages.





                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.