Defending Against Website Formjacking Attacks

web script.

Seeking undergraduate researcher to work on a project that defends against a web attack named formjacking, where attackers inject malicious javaScript into a web page that steals sensitive payment information.

Project description

I am looking for an undergraduate researcher to work on a project that defends against a web attack named formjacking. Formjacking is a type of attack where attackers inject malicious JavaScript into a web page that steals sensitive information (e.g. credit card or password) from the payment form on e-commerce websites.

Here are some articles about this attack that hit popular websites in 2018:

Here is an additional link to the source code samples an attacker might have used in this project:

I am looking for an undergraduate researcher to:

  1. look for the above source code samples as well as searching for other samples for this purpose
  2. run and understand how samples work differently from one another, and
  3. implement a defense techniques either at the JavaScript level or by modifying browser JS engine.

Prerequisite: Familiarity with JavaScript is required. Previous experience in browser instrumentation is a plus! In addition, to understand the JS samples, running deobfuscator tools may be needed because the client side JS code are often obfuscated to avoid anti-malware detections. Please contact me if you're interested in this project.

Project outcome

The specific outcomes of this project will be identified by the faculty mentor at the beginning of your collaboration. 

Project details

Timing, eligibility and other details
Length of commitment To be determined by student/mentor
Start time Anytime
Level of collaboration To be determined by student/mentor
Benefits Academic credit, Salary/Stipend, Volunteer, Work Study
Who is eligible Student with experience in JavaScript programming and browser JS engine instrumentation
Support Funding is available after the completion of the preparation badge. See below.
Goldwater and the National Science Foundation

Students participating in this project might be interested in and eligible for the Goldwater Scholarship and the National Science Foundation Graduate Research Fellowship. Connect with the Office of Fellowships and Scholarships to learn more.

Project mentor

Weihang Wang

Assistant Professor

Computer Science and Engineering


Phone: (716) 645-0306



To engage with this project, you will work through a series of Project-Based Collaboration digital badges to guide your experience. 

To get started, contact the project mentor using the contact information above to discuss availability and after you’ve received approval, you can start the Project Preparation Digital Badge. Here are helpful tips on how to contact a project mentor

Preparation guidance

The specific preparation activities for this project are being finalized by the project mentor. Once they are finalized, this section will be updated. In the meantime, please reach out to the project mentor to confirm what specific preparation activities you should complete for the Project Preparation Digital Badge.