Defending Against Website Formjacking Attacks

web script.

Seeking undergraduate researcher to work on a project that defends against a web attack named formjacking, where attackers inject malicious javaScript into a web page that steals sensitive payment information.

Project description

I am looking for an undergraduate researcher to work on a project that defends against a web attack named formjacking. Formjacking is a type of attack where attackers inject malicious JavaScript into a web page that steals sensitive information (e.g. credit card or password) from the payment form on e-commerce websites.

Here are some articles about this attack that hit popular websites in 2018:

Here is an additional link to the source code samples an attacker might have used in this project:

I am looking for an undergraduate researcher to:

  1. look for the above source code samples as well as searching for other samples for this purpose
  2. run and understand how samples work differently from one another, and
  3. implement a defense techniques either at the JavaScript level or by modifying browser JS engine.

Prerequisite: Familiarity with JavaScript is required. Previous experience in browser instrumentation is a plus! In addition, to understand the JS samples, running deobfuscator tools may be needed because the client side JS code are often obfuscated to avoid anti-malware detections. Please contact me if you're interested in this project.

Project outcome

The specific outcomes of this project will be identified by the faculty mentor at the beginning of your collaboration. 

Project details

Timing, eligibility and other details
Length of commitment To be determined by student/mentor
Start time Anytime
Level of collaboration To be determined by student/mentor
Benefits Academic credit, Salary/Stipend, Volunteer, Work Study
Who is eligible Student with experience in JavaScript programming and browser JS engine instrumentation
Goldwater and the National Science Foundation

Students participating in this project might be interested in and eligible for the Goldwater Scholarship and the National Science Foundation Graduate Research Fellowship. Connect with the Office of Fellowships and Scholarships to learn more.

Project mentor

Weihang Wang

Assistant Professor

Computer Science and Engineering

338G

Phone: (716) 645-0306

Email: weihangw@buffalo.edu

Start the project

  1. Email the project mentor using the contact information above to express your interest and get approval to work on the project. (Here are helpful tips on how to contact a project mentor.)
  2. After you receive approval from the mentor to start this project, click the button to start the digital badge. (Learn more about ELN's digital badge options.) 
Fulfilling Academic Major/Minor Requirements

If you are planning to use this project to satisfy program requirements for your academic major or minor, it is your responsibility to obtain approval from your academic department prior to beginning the project. 

Preparation activities

The specific preparation activities for this project will be customized through discussions between you and your project mentor. Please be sure to ask them for the instructions to complete the required preparation activities.