Introduction

Sboxr DOM is a dedicated tool for DOM Security Analysis that can automatically detect over 30 DOM Security Issues.

It is pronounced as S-BOXER

Web security tools overwhelmingly focus on server-side vulnerabilities. The client-side JS code has become very complex and feature-rich in most modern web applications. So a dedicated tool is needed to analyze this just like there are dedicated tools for analyzing the security of mobile apps. Client-side security analysis usually only goes as far as looking for a few variants of DOM XSS. Any further analysis requires a lot of expertise and is usually very time and effort intensive.

This is where Sboxr comes in, right from covering the more obscure variants of DOM XSS to entirely new categories of issues. It will significantly increase your test coverage while simultaneously reducing the time and effort involved.

The list of DOM Security Issues found by Sboxr are:

#

Issue

Type

Category

1

Data from attacker controllable navigation based DOM properties is executed as HTML

Error

Code Execution

2

Data from attacker controllable navigation based DOM properties is executed as JavaScript

Error

Code Execution

3

Data from attacker controllable URL based DOM properties is executed as HTML

Error

Code Execution

4

Data from attacker controllable URL based DOM properties is executed as JavaScript

Error

Code Execution

5

Non-HTML format Data from DOM storage is executed as HTML

Warning

Code Execution

6

Non-JavaScript format Data from DOM storage is executed as JavaScript

Warning

Code Execution

7

HTML format Data from DOM storage is executed as HTML

Info

Code Execution

8

JavaScript format Data from DOM storage is executed as JavaScript

Info

Code Execution

9

Data from user input is executed as HTML

Warning

Code Execution

10

Data from user input is executed as JavaScript

Warning

Code Execution

11

Non-HTML format Data taken from external site(s) (via Ajax, WebSocket or Cross-Window Messages) is executed as HTML

Error

Code Execution

12

Non-JavaScript format Data taken from external site(s) (via Ajax, WebSocket or Cross-Window Messages) is executed as JavaScript

Error

Code Execution

13

HTML format Data taken from external site(s) (via Ajax, WebSocket or Cross-Window Messages) is executed as HTML

Warning

Code Execution

14

JavaScript format Data taken from external site(s) (via Ajax, WebSocket or Cross-Window Messages) is executed as JavaScript

Warning

Code Execution

15

Non-HTML format Data taken from across sub-domain (via Ajax, WebSocket or Cross-Window Messages) is executed as HTML

Warning

Code Execution

16

Non-JavaScript format Data taken from across sub-domain (via Ajax, WebSocket or Cross-Window Messages) is executed as JavaScript

Warning

Code Execution

17

HTML format Data taken from across sub-domain (via Ajax, WebSocket or Cross-Window Messages) is executed as HTML

Info

Code Execution

18

JavaScript format Data taken from across sub-domain (via Ajax, WebSocket or Cross-Window Messages) is executed as JavaScript

Info

Code Execution

19

Non-HTML format Data taken from same domain (via Ajax, WebSocket or Cross-Window Messages) is executed as HTML

Warning

Code Execution

20

Non-JavaScript format Data taken from same domain (via Ajax, WebSocket or Cross-Window Messages) is executed as JavaScript

Warning

Code Execution

21

HTML format Data taken from same domain (via Ajax, WebSocket or Cross-Window Messages) is executed as HTML

Info

Code Execution

22

JavaScript format Data taken from same domain (via Ajax, WebSocket or Cross-Window Messages) is executed as JavaScript

Info

Code Execution

23

Weak Hashing algorithms are used

Error

Cryptography

24

Weak Encryption algorithms are used

Error

Cryptography

25

Weak Decryption algorithms are used

Error

Cryptography

26

Cryptographic Hashing Operations were made

Info

Cryptography

27

Encryption operations were made

Info

Cryptography

28

Decryption operations were made

Info

Cryptography

29

Potentially Sensitive Data is leaked (via HTTP, Ajax, WebSocket or Cross-Window Messages)

Error

Data Leakage

30

Potentially Sensitive Data is leaked through Referrer Headers

Error

Data Leakage

31

Data is leaked through HTTP

Warning

Data Leakage

32

Data is leaked through WebSocket

Warning

Data Leakage

33

Data is leaked through Cross-Window Messages

Warning

Data Leakage

34

Data is leaked through Referrer Headers

Warning

Data Leakage

35

Potentially Sensitive Data is stored on Client-side Storage (in LocalStorage, SessionStorage, Cookies or IndexedDB)

Warning

Data Storage

36

Data is stored on Client-side Storage (in LocalStorage, SessionStorage, Cookies or IndexedDB)

Info

Data Storage

37

Cross-window Messages are sent insecurely

Error

Communication

38

Cross-site communications are made

Warning

Communication

39

Communications across sub-domains are made

Warning

Communication

40

Same Origin communications are made

Info

Communication

41

JavaScript code is loaded from Cross-site Sources

Warning

JS Code

42

JavaScript code is loaded from across sub-domains

Info

JS Code

43

JavaScript code is loaded from Same Origin

Info

JS Code

Last updated