Tag : WebView


The Top 5 Exfiltration Attacks on WebViews

Jan 22, 2018 By Erez Yalon | This is part three of a three-part series. Click for part 1 and part 2. 
WebViews are a huge advantage when it comes to portability. But at what cost? Allowing Web content to interact with native functions opens a window of attack possibilities. Old versions of Android (until API 17) allowed Remote Code Execution when an attacker was able to abuse a JavaScript Interface. Although this vulnerability was fixed in recent API versions, such attacks can still be devastating. It just depends on how the JavaScript Interface is implemented.


JavaScript Attacks in WebViews

Dec 07, 2017 By Erez Yalon | This is part two of a three-part series. Click for part 1 and part 3. 
JavaScript is widely used due to its outstanding functionality. Its presence in a website can solve many problems; however, it can also introduce critical security issues. This trade-off has to be carefully analyzed when deciding whether or not to allow JavaScript to be executed in a WebView. This blog post presents some of the most aggressive JavaScript attacks for awareness, with development teams in mind and as a contribution to the propagation of safe code.

