![]() ![]() Older versions of JavaScript libraries often contain vulnerabilities. The library version is outdated and contains vulnerabilities ![]() The possible countermeasures are mentioned as well. Per risk, jQuery is used to add some real-world calculations of its occurrence. The risks related to the use of standard JavaScript libraries are discussed here. For better understanding, the vulnerabilities are listed in the following table. Retire.js is a vulnerability checker for JavaScript libraries. The descriptions of the vulnerabilities can be found on the CVE database and on retire.js. In jQuery, there is only a small number of publicly known vulnerabilities. Many vulnerabilities in software are published on the internet. Of the top websites, 3 out of 4 are using jQuery. This number is in line with statistics from Built With, which in addition states that more than 43 million websites use jQuery. My own observation from 20.000 websites is that jQuery is used in 1 out of 10 websites. It’s also often part of the styling of websites, usually as a component of another package such as WordPress. JQuery makes it easier to create dynamic websites with advances functions, such as retrieving data from a web page or editing data in the browser. JQuery is a common JavaScript library and is used here as an example to assess the risks. The libraries accelerate the development of web sites, but is it safe to use them? In this article, we take a closer look at the risks of JavaScript libraries and on the necessary measures. Learn if your Websites Safely use JavaScript libraries BackgroundĪ JavaScript library is a collection of JavaScript functions that is located in one or more scripts. This control requires website developers to have security knowledge. The XSS-risk is minimized by validating the input before the JavaScript function of the library is invoked. The vulnerabilities are usually caused by insufficient input validation in JavaScript functions, resulting in the processing of HTML code where the script expects plain text. Minimize the probability of XSS occurring, regardless of the library version that is used. This informs you if someone injected links to malicious external library providers. On a regular basis, check if your website is referring to external libraries. In addition, check the contents of the JavaScript library by using checksums such as MD5 and SHA. Avoid library servers that appear on a malware blacklist. If external JavaScript libraries are used, periodically check the security of the remote library servers. This way, the availability and reliability of the JavaScript library are identical to those of the website where it is used and there is no dependence on third parties. Don’t use external library servers, but rather copy the JavaScript libraries to the server of the website that needs it. ![]() Make sure that always the latest version is used, or at least a version that does not contain public known vulnerabilities. Implement version management for JavaScript libraries as part of patch management. In conjunction, it offers remediation for the risks that have been described above. The following controls are recommended for the safe use of open-source JavaScript libraries. Tips for safe use of JavaScript libraries What are the risks of using JavaScript libraries, and how can those be addressed? In one case it presumably even introduced malware. A little research shows that external JavaScript libraries in 1 out of 5 cases make the website more vulnerable. ![]() Besides the advantages, there are some risks associated with the use of these libraries. JavaScript libraries are very popular in modern websites. 5 tips for a secure use of JavaScript libraries ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |