Software development has, to a large extent, become synonymous with using readymade blocks of code in the form of third-party components, like libraries and frameworks, to build applications. All code may include weaknesses that may be exploited by criminals and script kiddies, potentially causing harm to both corporations and people. Third-party components, too, may include weaknesses, but in the case of such a vulnerability being exploited, the effects could be even more critical since popular components may be used in thousands of applications. There are several types of vulnerabilities and one of them is called prototype pollution. This is a JavaScript specific vulnerability that has been found in many well-used third-party components in the last years. However, it has not been the subject of much research. This thesis investigates the risks of using third-party components when developing software with a focus on web applications by conducting a literature survey. It also includes a case study of the prototype pollution vulnerabilities found in recent years and what mitigation techniques have been proposed by both academia and the industry.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:mau-52654 |
Date | January 2022 |
Creators | Johansson, Anni |
Publisher | Malmö universitet, Fakulteten för teknik och samhälle (TS) |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0012 seconds