首頁 > 網路資源 > 大同大學數位論文系統

Title page for etd-0830117-150230


URN etd-0830117-150230 Statistics This thesis had been viewed 233 times. Download 0 times.
Author CHIEH-HSIU HSIEH
Author's Email Address No Public.
Department Information Management
Year 2016 Semester 2
Degree Master Type of Document Master's Thesis
Language zh-TW.Big5 Chinese Page Count 43
Title A Research on Protection of HTML5 CORS Security
Keyword
  • Web
  • HTML5
  • CORS
  • Security
  • Security
  • CORS
  • HTML5
  • Web
  • Abstract Web is the most common technology for information delivery or interaction between people on the internet. The emergence of HTML5 in recent years has changed the world of the Web. CORS (Cross-Origin Resource Sharing) is the most common application in HTML5 because it breaks the traditional Same-origin policy (SOP) Exchange messages between different domains.
    However, in recent years, experts have put forward the HTML5 security report, pointed out that there are many security threats in HTML5, these security issues, in fact, most of the negligence caused by the programmers. CORS is convenient, but it is also easy to cause cross-site request forgery (CSRF) attack, especially in the company environment, if the Web system provides CORS service, the internal staff can use the browser to browse an external malicious website, the website will be able to use CORS or WebSockets to sniff or steal information from the company's internal Web system. Now all reports remind developers to be more careful in development, but over time, the company internal systems will increase gradually, if one by one setting each domains, it will become very complicated and error-prone.
    Therefore, this paper designs a browser plugin that can protect CORS attacks utilizing the feature that html5 is running on browser, and proves that it can effectively defend HTML5's CORS attacks through experiment. This plugin execute behind the browser, do not need to spend a lot of cost the purchase of expensive security tools will be able to achieve effective protection, hope to provide this plugin to relevant companys.
    Advisor Committee
  • Patrick S. CHEN - advisor
  • Ming-Hsien Chen - co-chair
  • none - co-chair
  • Files indicate not accessible
    Date of Defense 2017-07-04 Date of Submission 2017-08-31


    Browse | Search All Available ETDs