University at Buffalo (UB)
Defending Against Website Formjacking Attacks
Seeking undergraduate researcher to work on a project that defends against a web attack named formjacking, where attackers inject malicious javaScript into a web page that steals sensitive payment information.
Project description
I am looking for an undergraduate researcher to work on a project that defends against a web attack named formjacking. Formjacking is a type of attack where attackers inject malicious JavaScript into a web page that steals sensitive information (e.g. credit card or password) from the payment form on e-commerce websites.
Here are some articles about this attack that hit popular websites in 2018:
- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/formjacking-targeting-popular-stores
- https://nakedsecurity.sophos.com/2018/09/04/credit-card-gobbling-code-found-piggybacking-on-ecommerce-sites/
Here is an additional link to the source code samples an attacker might have used in this project:
I am looking for an undergraduate researcher to:
- look for the above source code samples as well as searching for other samples for this purpose
- run and understand how samples work differently from one another, and
- implement a defense techniques either at the JavaScript level or by modifying browser JS engine.
Prerequisite: Familiarity with JavaScript is required. Previous experience in browser instrumentation is a plus! In addition, to understand the JS samples, running deobfuscator tools may be needed because the client side JS code are often obfuscated to avoid anti-malware detections. Please contact me if you're interested in this project.
Project outcome
The specific outcomes of this project will be identified by the faculty mentor at the beginning of your collaboration.
Project details
| Length of commitment | To be determined by student/mentor |
| Start time | Anytime |
| In-person, remote, or hybrid? | In-person |
| Level of collaboration | To be determined by student/mentor |
| Benefits | Academic credit, Salary/Stipend, Volunteer, Work Study |
| Who is eligible | Student with experience in JavaScript programming and browser JS engine instrumentation |
Goldwater and the National Science Foundation
Students participating in this project might be interested in and eligible for the Goldwater Scholarship and the National Science Foundation Graduate Research Fellowship. Connect with the Office of Fellowships and Scholarships to learn more.
Project mentor
Weihang Wang
Assistant Professor
Computer Science and Engineering
Start the project
- Email the project mentor using the contact information above to express your interest and get approval to work on the project. (Here are helpful tips on how to contact a project mentor.)
- After you receive approval from the mentor to start this project, click the button to start the digital badge. (Learn more about ELN's digital badge options.)
Preparation activities
The specific preparation activities for this project will be customized through discussions between you and your project mentor. Please be sure to ask them for the instructions to complete the required preparation activities.
Keywords
Computer Science and Engineering