logo
logo

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

avatar
William Franklin
Mar 14, 2017 08:56
img

Your dependencies are not dependable

The web has a security problem: code libraries.

Almost 88 per cent of the top 75,000 websites and 47 per cent of .com websites rely on at least one vulnerable JavaScript library.

As described in a recently published paper, "Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web," researchers from Northeastern University in Boston, Massachusetts, have found that many websites rely widely on insecure versions of JavaScript libraries and that there's no immediate way to eliminate this problem.

"Notorious for security vulnerabilities," as the paper's six authors put it, JavaScript has come to depend on a wide variety of libraries that extend its capabilities, such as jQuery, Angular, and Bootstrap.

Unfortunately, JavaScript libraries may not be kept up-to-date and there's no agreed-upon system for ensuring that web apps don't load vulnerable library code.

collect
0
avatar
William Franklin
Mar 14, 2017 08:56
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.