Operating Systems/Programming

Javascript and VBscript

What is Javascript and VBscript? How are they used in web pages? What are the security concerns of each?

JavaScript- The name "JavaScript" was the final choice after “Mocha” and “LiveScript”. The language was created by Brendan Eich at Netscape, primarily for dynamic web development, and is used for form submission/validation, interactivity, animations, and user activity tracking. It appears in PDF documents, desktop widgets, and web browsers, and is commonly used by companies such as Google, Mozilla, and Adobe.

Like all programming languages, JavaScript has its share of security concerns, including source code vulnerabilities, input validation, stolen session data, filtering input, escaping/encoding user input, unintended script execution, reliance on client-side validation, and inducing users to perform unintended actions. To help protect against JavaScript’s known threats, avoiding the eval() function is an excellent start, as it executes the argument passed to it as if it were a JavaScript expression, potentially allowing hackers to run any scripts they wish. One can also enable encryption, use secure cookies, and utilize API access keys.
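The eval() and escaping/encoding points above, shown as an added example that is not part of the original post. The function names and both sample inputs are constructed for illustration; the "hostile" input only sets a harmless marker so the difference between code execution and data parsing is observable.

```javascript
// Added example: why eval() on user input is dangerous, and two safer habits.

// Unsafe pattern: eval() runs its argument as code with the page's privileges.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// Safer: JSON.parse() accepts data only and throws on anything executable.
function parseAsData(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Encode user-controlled text before placing it into HTML markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample inputs.
const benignInput = '{"name": "alice", "age": 30}';
const hostileInput = '(globalThis.sideEffect = "ran", {"name": "x"})';

// Feed the same hostile string to both parsers and record what happened.
function demo() {
  delete globalThis.sideEffect;
  parseWithEval(hostileInput);
  const evalRanCode = globalThis.sideEffect === "ran";

  delete globalThis.sideEffect;
  const viaJson = parseAsData(hostileInput);
  const jsonRanCode = globalThis.sideEffect === "ran";
  delete globalThis.sideEffect;

  return {
    evalRanCode,                 // true: the embedded assignment executed
    jsonRanCode,                 // false: nothing executed
    jsonAccepted: viaJson.ok,    // false: input rejected as invalid data
    benign: parseAsData(benignInput),
  };
}
```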

VBScript- Also called Visual Basic Script, VBScript was developed by Microsoft for the creation of dynamic web pages; it is a client-side scripting language similar to JavaScript that allows a website to enjoy greater customization and be interactive. VBScript can run on WSH (Windows Script Host), IE (Internet Explorer), and IIS (Internet Information Server) (Guru99, n.d.). VBScript has several known vulnerabilities, including buffer overflow flaws, unauthorized remote arbitrary code execution, scripting memory reallocation flaws, issues with Internet Explorer, and various memory corruption vulnerabilities.

References

Simpson, M. T., & Antill, N. (2017). Hands-On Ethical Hacking and Network Defense. Boston, MA. Cengage Learning.

Miller, A. (2021, February 04). Javascript security: Javascript vulnerabilities. Retrieved May 04, 2021, from https://snyk.io/learn/javascript-security/.

Guru99. (n.d.). What is VBScript? Introduction & examples. Retrieved May 04, 2021, from https://www.guru99.com/introduction-to-vbscript.html

CVE Details. (n.d.). Microsoft » Vbscript: Vulnerability Statistics. Retrieved May 04, 2021, from https://www.cvedetails.com/product/20672/Microsoft-Vbscript.html?vendor_id=26.
