JavaScript Security Risks

Abstract: This document addresses the issues that JavaScript introduces into a document format. It shows how basic JavaScript can be manipulated and obfuscated to evade signature detection, by using publically available and known methods. Code that introduces both a data hiding and data attack risk can be difficult to detect, especially when the code is obfuscated. This paper presents some known methods to mitigate the risk of running JavaScript; however, at the moment, more research is needed to develop a more robust solution.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234055-17

Dissemination Control: N/A

Length: 62 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data