431903 Secure Web Proxy Application

This is based on the idea of rendering all legitimate JavaScripts syntactically incorrect, so that every JavaScript that is eventually executed by a browser can be concluded to be malicious. Therefore, the first step for deploying SWAP is to identify all legitimate script calls in the original Web application, and to replace each one by a unique identifier, a script ID. This effort has to be repeated every time a change is made to the application that alters or adds JavaScript code. Fortunately, it is easily possible to automate this step. Generally, in order to locate legitimate scripts in the original Web application, it is advisable to utilize a similar mechanism as the JavaScript detection component later used to identify malicious scripts . This ensures that no legitimate scripts are overseen and later erroneously reported as malicious. Since we assume that all legitimate scripts are shipped with the software and not user-contributed, obviously, this step should be performed on a fresh installation of the application, without any user-provided content in the application database. Note, that in the case where legitimate scripts are stored in the database, also these scripts must be encoded into script IDs. For the applications we used for testing, applying simple bash scripts using grep and sed on the source code was sufficient to accomplish the task. There are three requirements for a script ID: First, it must not contain any valid HTML tags, so that except of removing the script, the structure of the Web page is preserved. Second, it must not contain what would be interpreted as JavaScript by a browser, so that when rendering a page it is safe to conclude that all script executions stem from illegitimately injected scripts. Third, the mapping must be reversible, so that after probing a page for scripts, the original condition with functional JavaScript code can be reestablished. For our prototype implementation, we defined a set of strings that directly indicate the presence of JavaScript code, such as the script tag. If any further clarification just pm