Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

  • Tobias Lauinger, A. Chaabane, Sajjad Arshad, W. Robertson, Christo Wilson, E. Kirda
  • Published 2017
  • Computer Science
  • ArXiv
  • Web developers routinely rely on third-party JavaScript libraries such as jQuery to enhance the functionality of their sites. [...] Key Result: This demonstrates that not only website administrators, but also the dynamic architecture and developers of third-party services are to blame for the Web's poor state of library management. The results of our work underline the need for more thorough approaches to dependency management, code maintenance and third-party code inclusion on the Web.
    70 Citations
    Extracting Taint Specifications for JavaScript Libraries
    • 4
    Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers
    • 31
    Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting
    • 23
    Assessing the Impact of Script Gadgets on CSP at Scale
    • 1
    VisibleV8: In-browser Monitoring of JavaScript in the Wild
    • 11
    Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android
    • 74
    • Highly Influenced


    A measurement study of insecure javascript practices on the web
    • 25
    FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
    • 124
    25 million flows later: large-scale detection of DOM-based XSS
    • 120
    The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching
    • 96
    Reliable Third-Party Library Detection in Android and its Security Applications
    • 162