Return to search

On prototype pollution and security risks of developing with third-party software components

Software development has, to a large extent, become synonymous with using readymade blocks of code in the form of third-party components, like libraries and frameworks, to build applications. All code may include weaknesses that may be exploited by criminals and script kiddies, potentially causing harm to both corporations and people. Third-party components, too, may include weaknesses, but in the case of such a vulnerability being exploited, the effects could be even more critical since popular components may be used in thousands of applications. There are several types of vulnerabilities and one of them is called prototype pollution. This is a JavaScript specific vulnerability that has been found in many well-used third-party components in the last years. However, it has not been the subject of much research. This thesis investigates the risks of using third-party components when developing software with a focus on web applications by conducting a literature survey. It also includes a case study of the prototype pollution vulnerabilities found in recent years and what mitigation techniques have been proposed by both academia and the industry.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:mau-52654
Date January 2022
CreatorsJohansson, Anni
PublisherMalmö universitet, Fakulteten för teknik och samhälle (TS)
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0012 seconds