About: JSONP is a research topic. Over the lifetime, 19 publications have been published within this topic receiving 367 citations. The topic is also known as: JSON with Padding.
TL;DR: Same Origin Mutual Approval (SOMA) is a new policy for controlling information flows that prevents common web vulnerabilities and prevents page content from being retrieved from malicious servers and sensitive information from being communicated to an attacker.
Abstract: Unrestricted information flows are a key security weakness of current web design. Cross-site scripting, cross-site request forgery, and other attacks typically require that information be sent or retrieved from arbitrary, often malicious, web servers. In this paper we propose Same Origin Mutual Approval (SOMA), a new policy for controlling information flows that prevents common web vulnerabilities. By requiring site operators to specify approved external domains for sending or receiving information, and by requiring those external domains to also approve interactions, we prevent page content from being retrieved from malicious servers and sensitive information from being communicated to an attacker. SOMA is compatible with current web applications and is incrementally deployable, providing immediate benefits for clients and servers that implement it. SOMA has an overhead of one additional HTTP request per domain accessed and can be implemented with minimal effort by application and web browser developers. To evaluate our proposal, we have developed a Firefox SOMA add-on.
TL;DR: Cross Site Request Forgery (CSRF) attack is one of those common vulnerabilities, but it is less known to web developers as compared to others so it can be found easily in web applications.
Abstract: Nowadays, most people use the internet for their business and commercial use. This advancement of technology makes our daily life better, but there are so many risks due to some web application vulnerabilities. Cross Site Request Forgery (CSRF) attack is one of those common vulnerabilities, but it is less known to web developers as compared to others, so it can be found easily in web applications. In a CSRF attack, an attacker forces the victim's web browser to perform an unwanted action on a trusted website without the user's interaction in that action.
TL;DR: A client-side policy enforcement framework to transparently protect the end-user against CSRF is presented, which monitors all outgoing web requests within the browser and enforces a configurable cross-domain policy.
Abstract: As businesses are opening up to the web, securing their web applications becomes paramount. Nevertheless, the number of web application attacks is constantly increasing. Cross-Site Request Forgery (CSRF) is one of the more serious threats to web applications that gained a lot of attention lately. It allows an attacker to perform malicious authorized actions originating in the end-user's browser, without his knowledge. This paper presents a client-side policy enforcement framework to transparently protect the end-user against CSRF. To do so, the framework monitors all outgoing web requests within the browser and enforces a configurable cross-domain policy. The default policy is carefully selected to transparently operate in a web 2.0 context. In addition, the paper also proposes an optional server-side policy to improve the accuracy of the client-side policy enforcement. A prototype is implemented as a Firefox extension, and is thoroughly evaluated in a web 2.0 context.
TL;DR: A simple API which is used to provide access to the KnowledgeStore, a scalable, fault-tolerant, and Semantic Web grounded storage system for interlinking structured and unstructured data, developed in the context of the FP7 NewsReader EU project.
Abstract: RDF and SPARQL technologies have not gained widespread acceptance amongst web developers. We describe a simple API which is used to provide access to the KnowledgeStore, a scalable, fault-tolerant, and Semantic Web grounded storage system for interlinking structured and unstructured data, developed in the context of the FP7 NewsReader EU project. The simple API wraps a set of parameterised SPARQL queries to access the KnowledgeStore RDF structured content, and calls to the KnowledgeStore CRUD endpoint to retrieve unstructured resources. Responses are delivered as JSON, JSONP, HTML or CSV. The API is largely self-documenting. The API is written using the Flask Python library, and includes an extensive suite of tests. It is modular, so that new SPARQL queries can be added easily or it could be used as a template for providing an API to any SPARQL endpoint. The simple API was successfully exploited by 38 web developers, many of them unfamiliar with RDF and SPARQL technologies, to build web applications on top of the KnowledgeStore.
TL;DR: This chapter discusses the application of NoSQL databases in Web Crawler applications to store the data collected by the Web Crawler.
Abstract: With the advent of Web technology, the Web is full of unstructured data called Big Data. However, these data are not easy to collect, access, and process at large scale. Web Crawling is an optimization problem. Site-specific crawling of various social media platforms, e-Commerce websites, Blogs, News websites, and Forums is a requirement for various business organizations to answer a search query from webpages. Indexing a huge number of webpages requires a cluster with several petabytes of usable disk. Since NoSQL databases are highly scalable, the use of NoSQL databases for storing the Crawler data is increasing along with the growing popularity of NoSQL databases. This chapter discusses the application of NoSQL databases in Web Crawler applications to store the data collected by the Web Crawler.