資訊科技日新月異,自1999年提出Web 2.0開始,網頁的型態越來越多樣化。隨著多裝置時代的到來,許多以往必須在電腦上安裝軟體才能達到的功能,逐漸轉移到雲端服務上,以實現跨平台的需求。原先如Flash等廠商獨有技術實現了複雜的內容,但也造成了跨平台的障礙。於是,這促使網頁標準化的產生,作為標準的用戶端腳本語言的JavaScript也就日漸重要。 如今,網路服務蓬勃發展,JavaScript也變得隨處可見,隨之而來的就是JavaScript安全的議題。駭客的攻擊手法不斷的更新,如何及時有效的防禦新型態的攻擊是個重要的課題。本篇論文著重於JavaScript在用戶端的防禦,將雲端安全分析服務VirusTotal整合至瀏覽器中,能讓使用者在瀏覽網頁的同時,使用最新的惡意程式資料庫來分析網際網路上各種JavaScript檔案的行為,並阻擋惡意程式碼的執行。;Information technology is changing rapidly. Since Web 2.0 concepts have been proposed in 1999, web patterns are getting more diverse. With the advent of the multi-device era, lots of the features which must install software into computers has been gradually transferred to the cloud services for implement cross-platform. Although some vendor’s proprietary languages, such as Flash, might reach some of the demand for presenting complex content, it impeded the cross-platform development. Thus, it promotes the establishment of the web standards. And JavaScript, as a standard of client-side scripting language, has become increasingly important. At present, web services have been flourishing. JavaScript becomes ubiquitous and is visible everywhere, thereby the security issues of JavaScript should be taken seriously. Since types of hacker attack techniques are constantly evolving, it is a big topic that how timely and effectively defends new patterns of attack. We proposed CPJ mechanism, it focuses on the client-side defense against JavaScript style attacks. We integrate VirusTotal, a cloud-bases security analysis service, into a browser. Therefore, with the latest malware database, it can analyze the behavior of a variety of JavaScript files. It allows the browser to block malicious code when the user browses the internet.
