Title :
Insecure JavaScript Detection and Analysis with Browser-Enforced Embedded Rules
Author :
Zeng, Ping ; Sun, Jianhua ; Chen, Hao
Author_Institution :
Sch. of Comput. & Commun., Hunan Univ., Changsha, China
Abstract :
JavaScript is an interpreted programming language used to enhance client-side interactivity and functionality. However, it has been widely exploited by malicious parties to launch browser-based security attacks. Many security vulnerability assessment tools exist, and browsers provide sandboxing mechanisms to keep JavaScript code from compromising the security of the client's environment; unfortunately, attacks against web applications now often take advantage of the browser's own functions. To address this problem, we propose an approach based on monitoring JavaScript code execution to detect malicious code behavior. It does not require static analysis of the JavaScript code; it only compares the execution against high-level inspection rules. While the website is being visited, we insert the security inspection rules into it to analyze potential security hazards.
Keywords :
Java; Web sites; authoring languages; inspection; online front-ends; program interpreters; security of data; software tools; system monitoring; JavaScript code execution monitoring; Web application; Web site; browser-based security attack; browser-enforced embedded rules; client environment security; client-side interactivity; insecure JavaScript detection; interpretive programming language; malicious code behavior detection; sand-boxing mechanism; security inspection rules; security vulnerabilities assessment tool; Browsers; Fires; Inspection; Monitoring; Security; Weaving; Web pages; JavaScript; browser-based attacks; inspection rules;
Conference_Title :
Parallel and Distributed Computing, Applications and Technologies (PDCAT), 2010 International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-9110-0
Electronic_ISBN :
978-0-7695-4287-4
DOI :
10.1109/PDCAT.2010.87