Journal articles on the topic 'Browser Vulnerability'

1

Fajar, Abdullah, Setiadi Yazid, ., and . "Web Browser Vulnerabilities and Weakness Descriptive Analysis: Is it Chrome Keep Dominant?" International Journal of Engineering & Technology 7, no. 4.44 (2018): 242. http://dx.doi.org/10.14419/ijet.v7i4.44.26999.

Abstract:
Web browsers play an important and mandatory role in accessing applications through the internet and may carry malicious content to the system, hence threatening the system from attackers. Google Chrome has been one of the popular browsers since its release in 2008 as a product of the Chromium Project at Google. Chrome ranks fourth on the Common Vulnerabilities Enumeration website and first among browsers with the most vulnerabilities reported. This paper describes a descriptive analysis of the weaknesses and vulnerabilities of the Chrome browser. The analysis uses a comparison approach against other popular browsers such as Safari and Firefox. The analysis also uses the main reference and database from mitre.org, which has a common weakness enumeration database and a scoring system calculation for vulnerabilities. This work covers the responsiveness rate among them regarding weakness and vulnerability update duration and severity rate. The validation was performed using a descriptive test regarding weakness and vulnerability behavior. According to the Architectural, Development and Research Conceptual weaknesses reported, the browsers do not indicate a significant difference except between Chrome and Firefox in research conceptual weakness. The severity of browser vulnerabilities is shown by Firefox, and the best responsiveness in updating browser weaknesses is shown by Chrome, followed by Safari. Using descriptive analysis, Chrome will remain dominant over the other browsers, while Firefox and Safari may potentially become unpopular, like Internet Explorer, in the future.
2

Chalyi, Oleksii, Kęstutis Driaunys, and Vytautas Rudžionis. "Assessing Browser Security: A Detailed Study Based on CVE Metrics." Future Internet 17, no. 3 (2025): 104. https://doi.org/10.3390/fi17030104.

Abstract:
This study systematically evaluates the vulnerabilities of modern web browsers using developed indices derived from the CVE database, including ICVE, ICVSS, IR and IT. These indices incorporate metrics such as vulnerability severity and risks, along with browser popularity, to enable a balanced comparison of browser security. The results highlight significant differences in browser security: while Google Chrome and Samsung Internet exhibited lower threat indices, Mozilla Firefox demonstrated consistently higher scores, indicating greater exposure to risks. These observations slightly contradict widespread opinion. The findings emphasize the importance of timely software updates in mitigating vulnerabilities, as many incidents were linked to outdated browser versions. This study also introduces a robust methodology for assessing browser threats, providing a framework for future research. Potential applications include developing browser-based penetration testing systems to simulate phishing and data extraction scenarios, offering insights into user-specific risks and broader organizational impacts. By combining theoretical analysis with practical implications, this work contributes to advancing browser security and lays the foundation for future applied research in cybersecurity.
3

Junjie Wang, Xiaohong Li, Bobo Yan, and Zhiyong Feng. "Pointer Analysis Based Vulnerability Detection for Browser Extension." International Journal of Digital Content Technology and its Applications 6, no. 1 (2012): 488–95. http://dx.doi.org/10.4156/jdcta.vol6.issue1.59.

4

Ray, Loye Lynn. "Countering Cross-Site Scripting in Web-based Applications." International Journal of Strategic Information Technology and Applications 6, no. 1 (2015): 57–68. http://dx.doi.org/10.4018/ijsita.2015010105.

Abstract:
Today's dynamic web-based applications have become a normal and critical asset to an organization's business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS), which is one of the Open Web Application Security Project (OWASP) top ten web threats. XSS occurs when a Web-based application allows untrusted information to be accepted and sent back to a browser. Also, they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defend against these threats.
5

Johnston, Reuben, Shahryar Sarkani, Thomas Mazzuchi, Thomas Holzer, and Timothy Eveleigh. "Multivariate models using MCMCBayes for web-browser vulnerability discovery." Reliability Engineering & System Safety 176 (August 2018): 52–61. http://dx.doi.org/10.1016/j.ress.2018.03.024.

6

Priyanka, K., Krishna P. Yuvan, Kumar JS Ajay, J. Dharun, N. Rooban, and N. Vinayagamoorthy. "Web Extension for Recon." Journal of Research and Review: Hacking Techniques and Information Security Systems 1, no. 2 (2025): 11–16. https://doi.org/10.5281/zenodo.15589787.

Abstract:
This paper presents a browser extension designed to automate fundamental reconnaissance activities directly within the web browser environment. The extension dynamically captures the URL of the currently active webpage and systematically executes a suite of reconnaissance operations, including subdomain enumeration, HTTP header analysis, DNS resolution, port scanning. By integrating these capabilities natively into the browser, the tool enables security researchers and ethical hackers to rapidly access critical reconnaissance insights without reliance on external utilities or complex configurations. Emphasizing usability, efficiency, and automation, this solution transforms routine webpage visits into immediate opportunities for comprehensive vulnerability assessment, significantly simplifying the initial phases of security analysis.
7

Johnston, Reuben, Shahryar Sarkani, Thomas Mazzuchi, Thomas Holzer, and Timothy Eveleigh. "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery." Reliability Engineering & System Safety 183 (March 2019): 341–59. http://dx.doi.org/10.1016/j.ress.2018.11.030.

8

Darmawan, Candra, Julius Panda Putra Naibaho, and Alex De Kweldju. "Penerapan Metode Vulnerability Assessment untuk Identifikasi Keamanan Website berdasarkan OWASP ID Tahun 2021." Edumatic: Jurnal Pendidikan Informatika 8, no. 1 (2024): 272–81. http://dx.doi.org/10.29408/edumatic.v8i1.25834.

Abstract:
Universities, as educational institutions, are potential targets of cyber attacks. This is an inevitable problem, including for the University of Papua (UNIPA). The purpose of this research is to find the security gaps of the UNIPA website based on OWASP ID in 2021 and implement mitigation. The type of research is quantitative research with the Vulnerability Assessment and Penetration Testing Life Cycle (VAPT) method. The VAPT method in this research goes through five stages, namely scope, information gathering, vulnerability assessment, risk assessment, and reporting. The object of research is the UNIPA website. Data collection uses primary data, the results of scanning with the Zed Attack Proxy (ZAP) application. Data were obtained from alerts ID, alerts, risk, and OWASP ID as information on the vulnerability of the UNIPA website. Research data analysis uses OWASP ID. According to our findings, the vulnerability of the UNIPA website is influenced by two factors, website security weaknesses and user negligence. Vulnerabilities with alerts ID A1, A2, A3, A4, A5, and A6 are the group of website security weaknesses. As a solution, these vulnerabilities need to utilize special systems such as anti-CSRF, CSP, CDN, Strict-Transport-Security Header, and timestamp checking so that the website is proportional. Meanwhile, the vulnerability with alerts ID A7 is classified as user negligence. The solution is that users must use the latest version of the browser. Browsers with the latest version have the X-Content-Type-Options: nosniff security mechanism to prevent sniffing attacks.
9

Wei, Qiang, Ze Hui Wu, Rong Hua Tao, and Dong Ren. "Authentication Algorithm Based on Hash-Tree for Web Single Sign-On." Applied Mechanics and Materials 490-491 (January 2014): 1368–73. http://dx.doi.org/10.4028/www.scientific.net/amm.490-491.1368.

Abstract:
During the authentication process of web-based single sign-on system, it is insecure that all authentication messages are forwarded by the browser, and its integrity protection is not comprehensive. This vulnerability can be exploited by attackers to bypass the authentication systems, login any account. In this work we analyze the vulnerability threat model and its root causes in detail, and propose an authentication algorithm based on Hash-tree. This algorithm can not only improve the security of the system, but the processing efficiency of the system is also acceptable according to the simulation results.
10

Revyakina, Yelena, Larissa Cherckesova, Olga Safaryan, Denis Korochentsev, Nikolay Boldyrikhin, and Yuri Ivanov. "Possibilities of conducting XSS-attacks and the development of countermeasures." E3S Web of Conferences 224 (2020): 01040. http://dx.doi.org/10.1051/e3sconf/202022401040.

Abstract:
The article describes the investigation process of the possibilities of XSS–attacks, and the development of counteraction means to these attacks. Researches were determined whether XSS–attack can be fulfilled successfully, and vulnerability detection methods can be applied; were developed the logical and structural diagrams of XSS–vulnerability detection program; were realized program implementation (software) of algorithms for detecting XSS–vulnerabilities on the Web – sites. The software implementation is Web extension for the Google Chrome browser. Main purpose of implementing this software is to confirm or deny the presence of XSS–vulnerabilities on the site, and to counteract the possible attack.
11

Hossain, Shahriar, North Sarah, and Chen Wei-Chuen. "EARLY DETECTION OF SQL INJECTION ATTACKS." International Journal of Network Security & Its Applications (IJNSA) 5, no. 4 (2013): 53–65. https://doi.org/10.5281/zenodo.4451606.

Abstract:
SQL Injection (SQLI) is a common vulnerability found in web applications. The starting point of an SQLI attack is the client-side (browser). If attack inputs can be detected early at the browser side, then it could be thwarted early by not forwarding the malicious inputs to the server-side for further processing. This paper presents a client-side approach to detect SQLI attacks. The client-side accepts shadow SQL queries from the server-side and checks any deviation between shadow queries with dynamic queries generated with user supplied inputs. We measure the deviation of shadow query and dynamic query based on conditional entropy metrics and propose four metrics in this direction. We evaluate the approach with three PHP applications containing SQLI vulnerabilities. The evaluation results indicate that our approach can detect well-known SQLI attacks early at the client-side and impose negligible overhead.
12

Sahana, M. P., and Joyce Lobo Sonali. "A Study on Advanced Cross Site Request Forgery Attacks and its Prevention." Journal of Web Development and Web Designing 4, no. 2 (2019): 31–35. https://doi.org/10.5281/zenodo.3346240.

Abstract:
Cross Site Request Forgery (CSRF) is considered as one of the top vulnerabilities in today's network where an untrusted website can force the client browser to send the unauthorized valid appeal to the trusted site. Cross Site Request Forgery will let the trustworthiness of the authentic customer. So far, numerous arrangements have been proposed for the CSRF assaults, for example, the referrer HTTP header, custom HTTP header, origin header, customer site intermediary, browser module and random token affirmation. In any case, existing arrangements aren't so insusceptible as to maintain a strategic distance from this assault. Each one of the arrangements is mostly ensured as it were. This study centers around portraying the execution of various conceivable cross site demand imitation strategies and depicting the entanglements in the assortment of preventive systems of cross site demand falsification thus we proposed some barrier instrument to avoid this defenselessness.
13

Vivek, Somi. "Cross-Origin Resource Sharing Vulnerability Testing: Techniques and Implications." INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH AND CREATIVE TECHNOLOGY 8, no. 6 (2022): 1–11. https://doi.org/10.5281/zenodo.15593627.

Abstract:
This review article examines weaknesses in Cross-Origin Resource Sharing (CORS) and the necessary testing techniques essential for protection of modern online applications. Safeguarding sensitive user data depends on understanding and mitigating CORS-related risks as online applications become more dynamic and linked. Offering a complete basis for vulnerability detection, the paper looks at several testing techniques including human testing, automated tools, and browser developer tools. Moreover, it emphasizes real events that show the serious results of poorly applied CORS rules, therefore stressing the need for strict security measures. Examined are best practices for CORS security (that is, suitable configuration, regular audits, and increased developer awareness) that help companies to raise their security posture. The report presents expected developments in CORS security including machine learning for identifying anomalies and centralized policy management. This mix of strategies and penalties gives businesses trying to keep high levels of safety in a digital context significant new insight.
14

Mira Orisa and Michael Ardita. "VULNERABILITY ASSESMENT UNTUK MENINGKATKAN KUALITAS KEMANAN WEB." Jurnal Mnemonic 4, no. 1 (2021): 16–19. http://dx.doi.org/10.36040/mnemonic.v4i1.3213.

Abstract:
Web-based applications are vulnerable to attack. Anyone can connect to a website through a web browser such as Mozilla Firefox, Chrome, and others. During the current pandemic, a great many people use the internet as an information medium. In general, web applications are widely used by e-banking websites, company profiles, online shops, train ticket booking, campus academic systems, and so on. Vulnerabilities arise because many web applications are designed from the start without taking security issues into account. Usually, applications are designed by people who are inexperienced in web security, which allows many security holes in their websites. The vulnerability assessment method is currently the best way to help certain parties maintain the security of their web applications. Performing a vulnerability assessment can identify the various holes that allow attacks to get in. This method can help certain parties take preventive action against attacks or damage caused by cybercrime. Network mapping, known as Nmap, can help webmasters perform vulnerability assessments. Nmap works optimally on the Linux operating system. Nmap offers a great many features that webmasters can make use of. Using Nmap, it is possible to check for vulnerabilities in user authentication, vulnerability to denial-of-service attacks, upload forms, and to check for bugs.
15

Buja, Alya Geogiana, Nurul Syahirah Khairuddin, Noor Afni Deraman, and Khyrina Airin Fariza Abu Samah. "Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS)." International Journal of Advanced Technology and Engineering Exploration 8, no. 77 (2021): 537–44. http://dx.doi.org/10.19101/ijatee.2020.762187.

16

Vamsi, Mohan, and Sandeep Malik Dr. "Secure Web Applications Against Cross Site Scripting XSS A Review." International Journal of Trend in Scientific Research and Development 2, no. 1 (2017): 900–903. https://doi.org/10.31142/ijtsrd7135.

Abstract:
Cross Site Scripting XSS attacks are most common vulnerability issues in the digital era for the Web applications. These attacks occur, when an attacker uses a web application to send malicious code in the form of client side script. These scripts exploit the vulnerabilities in the code and resulting in a serious consequence like theft of cookies, passwords and any confidential user data. In extreme cases, the user may have lost his/her control on the browser. In this paper, we explained detection, and prevention of Cross Site Scripting XSS vulnerability attacks through a systematic review process. Vamsi Mohan | Dr. Sandeep Malik "Secure Web Applications Against Cross Site Scripting (XSS): A Review" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-1, December 2017, URL: https://www.ijtsrd.com/papers/ijtsrd7135.pdf
17

Khusnani, Azmi, Adi Jufriansah, and Mulya Afriyanto. "Utilization of Seismic Data as a Tsunami Vulnerability Review." Indonesian Review of Physics 5, no. 2 (2022): 66–72. http://dx.doi.org/10.12928/irip.v5i2.6706.

Abstract:
This study aimed to analyze seismic data, which is then made into an infographic to map the level of tsunami hazard in the Sikka District. The research was carried out in Sikka District, East Nusa Tenggara, located between 121°55'40''-122°41'30'' east longitude and 08°22'-08°50' south latitude. The data source comes from the IRIS Earthquake Browser, and the analysis stage was carried out in two phases. The first analysis used seismic data analysis, and EQ Energy used IRIS (Incorporated Research Institutions for Seismology) data. Meanwhile, the second analysis maps the tsunami risk by determining the tsunami hazard in areas with the potential for a tsunami. Based on the analysis of seismicity data showed that Sikka District has the potential for an earthquake accompanied by a tsunami. In contrast, the results of the EQ Energy analysis caused by the December 14, 2021 earthquake were known as the value of Ehf = 6.46 × 10^14 J and EBB = 5.48 × 10^15 J. The analysis of the level of tsunami susceptibility based on the tsunami run-up height in Sikka District showed that the northern coastal area of Flores had various potentials, where the highest vulnerability level was in the Alok subdistrict and parts of Talibura. Meanwhile, the area with the lowest potential was the Kewapante subdistrict.
18

Syverson, Paul, Rasmus Dahlberg, Tobias Pulls, and Rob Jansen. "Onion-Location Measurements and Fingerprinting." Proceedings on Privacy Enhancing Technologies 2025, no. 2 (2025): 512–26. https://doi.org/10.56553/popets-2025-0074.

Abstract:
Onion-Location makes it easy for websites offering onion service access to support automatic discovery in Tor Browser of the random-looking onion address associated with their domain. We provide the first measurement study of how many websites are currently using Onion-Location. We also describe the open-source tools we created to conduct the study. Onion-Location has been criticized elsewhere for its lack of transparency and vulnerability to blocking. Perhaps even more troubling, we show that Onion-Location is vulnerable to very accurate fingerprinting. We present recommended changes to and alternatives to Onion-Location as well as steps towards even more secure onion discovery and association.
19

Prazyan, K. A. "BASIC PRINCIPLES OF BUILDING BLACK-BOX VULNERABILITY SCANNER OF WEB RESOURCE." Issues of radio electronics, no. 11 (November 20, 2018): 45–47. http://dx.doi.org/10.21778/2218-5453-2018-11-45-47.

Abstract:
The article discusses the main provisions for constructing a vulnerability scanner for a web resource based on the «black box» technique. The definitions of the Mealy automaton are introduced, applicable to the web application. An example of the use of the Mealy automaton for constructing transition graphs on the links of a web resource is given. An algorithm for constructing a graph based on sent requests and received answers is proposed. Describe the alleged problems that arise in the scanner. There are proposed ways of solving the problems obtained with the use of additional mechanisms and work algorithms. When the algorithm is running and transitions are added, the new vertex is colored with one of the colors, if a repeated state is detected. As a result, we have a colored graph, which may collapse in the same colors. The user in the browser moving inside the web application performs sequential actions, the scanning technique is as close as possible to the real actions of the average user and provides a top-down view of the content, as well as the probability of clicking on the link. Thus determined group of sequential requests that change the state of the scanner.
20

Bhatt, Navneet, Adarsh Anand, and Deepti Aggrawal. "Improving system reliability by optimal allocation of resources for discovering software vulnerabilities." International Journal of Quality & Reliability Management 37, no. 6/7 (2019): 1113–24. http://dx.doi.org/10.1108/ijqrm-07-2019-0246.

Abstract:
Purpose: The purpose of this paper is to provide a mathematical framework to optimally allocate resources required for the discovery of vulnerabilities pertaining to different severity risk levels. Design/methodology/approach: Different sets of optimization problems have been formulated and using the concept of dynamic programming approach, sequence of recursive functions has been constructed for the optimal allocation of resources used for discovering vulnerabilities of different severity scores. Mozilla Thunderbird web browser data set has been considered for giving the empirical evaluation by working with vulnerabilities of different severities. Findings: As per the impact associated with a vulnerability, critical and high severity level are required to be patched promptly, and hence, a larger amount of funds have to be allocated for vulnerability discovery. Nevertheless, a low or medium risk vulnerability might also get exploited and thereby their discovery is also crucial for higher severity vulnerabilities. The current framework provides a diversified allocation of funds as per the requirement of a software manager and also aims at improving the discovery of vulnerability significantly. Practical implications: The finding of this research may enable software managers to adequately assign resources in managing the discovery of vulnerabilities. It may also help in acknowledging the funds required for various bug bounty programs to cater security reporters based on the potential number of vulnerabilities present in software. Originality/value: Much of the attention has been focused on the vulnerability discovery modeling and the risk associated with the security flaws. But, as far as the authors’ knowledge is concerned, there is no such study that incorporates optimal allocation of resources with respect to the vulnerabilities of different severity scores. Hence, the building block of this paper contributes to future research.
21

Rahman, Aulia, Indra Indra, Nuralamsah Zulkarnaim, Muhammad Mukhram, and Agung Rizaldi. "ANALISIS IMPLEMENTASI NUCKLEI VULNERABILITY DAN OWASP-ZAP SCANNER UNTUK DETEKSI KERENTANAN KEAMANAN (SECURE SYSTEM) PADA PLATFORM WEB BASED." Jurnal Komputer Terapan 11, no. 1 (2025): 10–15. https://doi.org/10.35143/jkt.v11i1.6430.

Abstract:
Web-based platform security is an important aspect that developers must consider. However, numerous developers still exhibit insufficient attention to enhancing the security level of their websites, thereby increasing the likelihood of these platforms becoming targets of cyber attacks. To address this challenge, the utilization of tools such as Nuclei Vulnerability Scanner and Owasp Zap presents an effective solution for the rapid detection of potential vulnerabilities in web-based platforms. This research involved testing a locally developed dummy web application, with scanning processes conducted using the Nuclei Vulnerability Scanner and Owasp Zap tools. The findings reveal that Nuclei Vulnerability Scanner proves effective in identifying vulnerabilities at the network layer, particularly in relation to SSL/TLS protocols and proxy configurations. In contrast, Owasp Zap is more focused on detecting vulnerabilities within the web application layer, especially concerning security header configurations that may be exploited through browser-based attacks such as XSS and clickjacking. Mitigation of the identified vulnerabilities resulted in a substantial reduction in their severity, with a 90% decrease in Nuclei and an 80% reduction in Owasp Zap. Both tools demonstrated high accuracy and efficient scanning times, establishing them as effective solutions for enhancing security across both network and application layers. This study recommends the integration of these tools into a comprehensive cyber security strategy to safeguard system integrity and availability while addressing the continuously evolving threat landscape, in alignment with the layered security principle advocated in contemporary literature.
22

Harnes, Håkon, and Donn Morrison. "SoK: Analysis Techniques for WebAssembly." Future Internet 16, no. 3 (2024): 84. http://dx.doi.org/10.3390/fi16030084.

Abstract:
WebAssembly is a low-level bytecode language that enables high-level languages like C, C++, and Rust to be executed in the browser at near-native performance. In recent years, WebAssembly has gained widespread adoption and is now natively supported by all modern browsers. Despite its benefits, WebAssembly has introduced significant security challenges, primarily due to vulnerabilities inherited from memory-unsafe source languages. Moreover, the use of WebAssembly extends beyond traditional web applications to smart contracts on blockchain platforms, where vulnerabilities have led to significant financial losses. WebAssembly has also been used for malicious purposes, like cryptojacking, where website visitors’ hardware resources are used for crypto mining without their consent. To address these issues, several analysis techniques for WebAssembly binaries have been proposed. This paper presents a systematic review of these analysis techniques, focusing on vulnerability analysis, cryptojacking detection, and smart contract security. The analysis techniques are categorized into static, dynamic, and hybrid methods, evaluating their strengths and weaknesses based on quantitative data. Our findings reveal that static techniques are efficient but may struggle with complex binaries, while dynamic techniques offer better detection at the cost of increased overhead. Hybrid approaches, which merge the strengths of static and dynamic methods, are not extensively used in the literature and emerge as a promising direction for future research. Lastly, this paper identifies potential future research directions based on the state of the current literature.
23

Prazyan, К. А. "EXECUTION AFTER REDIRECTION VULNERABILITIES IN WEB-APPLICATIONS." Issues of radio electronics, no. 3 (March 20, 2019): 71–73. http://dx.doi.org/10.21778/2218-5453-2019-3-71-73.

Abstract:
The article presents the main provisions of the construction of web applications. The mechanism of the application protocol HTTP in the development of web applications. The description of the operation of HTTP status codes and their processing in the user’s browser is given. Describes how to use status codes in the development of web applications. An example of working with a redirection code and header is given. A definition and characterization of execution vulnerabilities after redirection is proposed. Examples of applications vulnerable to run after redirection to server programming languages PHP and Ruby on Rails are given. Describes the problem of typical solutions to neutralize the vulnerability of execution after redirection. A way of writing the source code of the application, taking into account the possibility of execution vulnerabilities after redirection, is proposed. Provides recommendations for writing code.
24

Kurniawan, Ade. "Penerapan Framework OWASP dan Network Forensics untuk Analisis, Deteksi, dan Pencegahan Serangan Injeksi di Sisi Host-Based." Jurnal Telematika 14, no. 1 (2020): 9–18. http://dx.doi.org/10.61769/telematika.v14i1.267.

Abstract:
The Internet has changed the world. The penetration of internet users in 1995 is only 1 percent of the world population, while in 2018, the figure reached 70 percent or 4.5 billion users. Simultaneously, it was reported that eight of the top ten web sites in the world were at a critical point of vulnerability to attacks by injection methods, such as Cross-Site Scripting (XSS) and Structured Query Language Injection (SQLi). Furthermore, XSS and SQLi attacks can be used by certain parties to steal information or specific purposes. In this paper, we research by conducting attack simulations, analyzing packet data, and finally conducting prevention at host-based. Initial simulations of attacks using social engineering attack techniques by sending a phishing email. At this stage of attack simulation, the attack includes information gathering, webcam screenshots, keyloggers, and spoofers. Furthermore, at the stage of analysis, we do with the approach of network forensics with evidence collection techniques using live forensics acquisition. The final stage is prevent (patching) by creating an application or add-on on the browser side by name, XSSFilterAde. This research contribution offers a broad and in-depth study of how to do a simulation, analysis, and finally prevent. Furthermore, the method of protecting the user or host-based solution in the browser application functions to filter, disable plugins, notify, block, and reduce injection attacks.

The Internet has changed the world. The Internet has changed the face of the world. The penetration of internet users in 1995 was only 1 percent of the world population, while in 2018 the figure had reached 60 percent or 4.5 billion users. At the same time, it was reported that eight of the top ten websites in the world were at a critical point of vulnerability to attacks using injection methods, such as Cross-Site Scripting (XSS) and Structured Query Language Injection (SQLi). Furthermore, XSS and SQLi attacks can be used by certain parties to steal information or for specific purposes. In this paper, the research is conducted by simulating attacks, analyzing packet data, and finally performing prevention at the host-based or user side. The initial attack simulation uses a social engineering attack by sending a phishing email. At this attack simulation stage, the attack includes information gathering, webcam screenshots, keyloggers, and spoofers. Next, at the analysis stage, we take a network forensics approach with an evidence collection technique using the live forensics acquisition method. The final stage is to prevent (patch) by creating an application or add-on on the browser side named XSSFilterAde. The contribution of this research offers a broad and in-depth study of how to carry out a simulation, analysis, and, finally, prevention. Furthermore, the solution method for protecting the user, or host-based, in the browser application functions to filter, disable plugins, notify, block, and reduce injection attacks.
25

Mauricio, Leopoldo, and Marcelo Rubinstein. "A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware." Journal of Internet Services and Applications 14, no. 1 (2023): 10–20. http://dx.doi.org/10.5753/jisa.2023.2847.

Abstract:
This paper proposes and implements a Network Function Virtualization (NFV) security architecture to provide automatic and efficient detection and mitigation against Web application malware. The mitigation is given by dynamically chaining a Virtual Security Function (VSF) to the data stream to block malicious exploitation traffic without affecting the benign traffic. We implement an NFV Security Controller (NFV-SC) that interacts with an Intrusion Detection System and a Web Application Firewall (WAF), both implemented as VSFs. We also implement a vulnerability scanner and a mechanism to automatically create rules in advance in the WAF-VSF when a security vulnerability is found in an application, even if no malicious traffic has attempted to exploit the flaw. In addition, it dynamically identifies and removes no longer used security rules to improve performance. We implement and evaluate our security proposal in the Open Platform for NFV (OPNFV). The evaluation results in our experimental scenarios show that the NFV security architecture automatically blocks 99.12% of the HTTP malicious traffic without affecting 93.6% of the benign HTTP requests. Finally, we show that the number of rules in the WAF-VSF severely affects the latency to load HTTP response headers and that the number of redirection OpenFlow rules within Open vSwitches is not enough to significantly impact the end-user experience in modern web browser applications.
26

Kepkowski, Michal, Lucjan Hanzlik, Ian Wood, and Mohamed Ali Kaafar. "How Not to Handle Keys: Timing Attacks on FIDO Authenticator Privacy." Proceedings on Privacy Enhancing Technologies 2022, no. 4 (2022): 705–26. http://dx.doi.org/10.56553/popets-2022-0129.

Abstract:
This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard specified by the FIDO industry alliance for secure token online authentication. It complements the W3C WebAuthn specification by providing means to use a USB token or other authenticator (which holds the secret authenticating material and implements FIDO protocols) as a second factor during the authentication process. From a cryptographic perspective, the protocol is a simple challenge-response where the elliptic curve digital signature algorithm is used to sign challenges. To protect the privacy of the user the token uses unique key pairs per service. To accommodate for small memory, tokens use various techniques that make use of a special parameter called a key handle sent by the service to the token with which the token can securely produce an authentication key (through generation or decryption). We identify and analyse a vulnerability in the way the processing of key handles is implemented that allows attackers to remotely link user accounts on multiple services. We show that for vulnerable authenticators there is a difference between the time it takes to process a key handle for a different service but correct authenticator, and for a different authenticator but correct service. This difference can be used to perform a timing attack allowing an adversary to link user’s accounts across services. We present several real world examples of adversaries that are in a position to execute our attack and can benefit from linking accounts. We found that two of the eight hardware authenticators we tested were vulnerable despite FIDO level 1 certification, indicating a not insignificant problem. This vulnerability cannot be easily mitigated on authenticators because, for security reasons, they usually do not allow firmware updates. 
In addition, we show that due to the way existing browsers implement the WebAuthn standard, the attack can be executed remotely. However, we discuss countermeasures that can be implemented by browser providers to mitigate the remote form of the attack.
27

Ade Gustiyonoo, Erick Irawadi Alwi, and Syahrul Mubarak Abdullah. "Analisa Kerentanan Website Terhadap Serangan Cross-Site Scripting (XSS) Metode Penetration Testing." Cyber Security dan Forensik Digital 7, no. 1 (2024): 25–33. http://dx.doi.org/10.14421/csecurity.2024.7.1.4432.

Abstract:
Cross-site scripting (XSS) attacks are a malicious form of web attack. These attacks can be used to steal user data, perform phishing, or run malicious scripts in the user's browser. This study aims to analyze and identify XSS vulnerabilities on a website using the penetration testing method and to provide recommendations to PT. Tricon Metalindo Perkasa based on the results of the pentest that was carried out. The method used is penetration testing using the OWASP Zap and Hackbar tools. The research findings revealed several alerts, including Vulnerable JS Library, X-Frame-Options Header Not Set, Absence of Anti-CSRF Tokens, Cross-Domain JavaScript Source File Inclusion, Incomplete or No Cache-Control and Pragma HTTP Header Set, and Missing X-Content-Type-Options-Header. There were 2 findings categorized as medium risk, 4 findings as low risk, and 6 findings with medium confidence level. These findings indicate the presence of XSS vulnerabilities on the PT. Tricon Metalindo Perkasa website, specifically in the form of reflected XSS located in the search input column with a medium-risk level. This vulnerability can be exploited by attackers to display pop-ups, carry out phishing attempts, or steal user data. Keywords: cross-site scripting (XSS), reflected XSS, OWASP Zap, Penetration
28

M, Indushree, Manjit Kaur, Manish Raj, Shashidhara R, and Heung-No Lee. "Cross Channel Scripting and Code Injection Attacks on Web and Cloud-Based Applications: A Comprehensive Review." Sensors 22, no. 5 (2022): 1959. http://dx.doi.org/10.3390/s22051959.

Abstract:
Cross channel scripting (XCS) is a common web application vulnerability, which is a variant of a cross-site scripting (XSS) attack. An XCS attack vector can be injected through network protocol and smart devices that have web interfaces such as routers, photo frames, and cameras. In this attack scenario, the network devices allow the web administrator to carry out various functions related to accessing the web content from the server. After the injection of malicious code into web interfaces, XCS attack vectors can be exploited in the client browser. In addition, scripted content can be injected into the networked devices through various protocols, such as network file system, file transfer protocol (FTP), and simple mail transfer protocol. In this paper, various computational techniques deployed at the client and server sides for XCS detection and mitigation are analyzed. Various web application scanners have been discussed along with specific features. Various computational tools and approaches with their respective characteristics are also discussed. Finally, shortcomings and future directions related to the existing computational techniques for XCS are presented.
29

Abraham Kalloor, Eric, Dr Manoj Kumar Mishra, and Prof Joy Paulose. "Phishfort – Anti-Phishing Framework." International Journal of Engineering & Technology 7, no. 3.4 (2018): 42. http://dx.doi.org/10.14419/ijet.v7i3.4.14673.

Abstract:
Phishing is one of the most common forms of attack used to get unauthorized access to users’ credentials or any other sensitive information. It is classified as a social engineering attack, which means it is not a technical vulnerability. The attacker exploits the human tendency to make mistakes by fooling the user into thinking that a given web page is genuine and submitting confidential data into an embedded form, which is harvested by the attacker. A phishing page is often an exact replica of the legitimate page; the only noticeable difference is the URL. Normal users do not pay close attention to the URL every time, hence they are exploited by the attacker. This paper suggests a login framework which can be used independently or along with a browser extension which will act as a line of defense against such phishing attacks. The semi-automated login mechanism suggested in this paper eliminates the need for the user to be alert at all times, and it also provides a personalized login screen so that the user can distinguish between a genuine and a fake login page quite easily.
30

Shahriar, Hossain, Sarah North, Wei-Chuen Chen, and Edward Mawangi. "Information Theoretic XSS Attack Detection in Web Applications." International Journal of Secure Software Engineering 5, no. 3 (2014): 1–15. http://dx.doi.org/10.4018/ijsse.2014070101.

Abstract:
Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few years. XSS vulnerability allows an attacker to inject arbitrary JavaScript code that can be executed in the victim's browser to cause unwanted behaviors and security breaches. Despite the presence of many mitigation approaches, the discovery of XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions and to develop novel attack detection techniques. This paper proposes a proxy-level XSS attack detection approach based on a popular information-theoretic measure known as Kullback-Leibler Divergence (KLD). Legitimate JavaScript code present in an application should remain similar or very close to the JavaScript code present in a rendered web page. A deviation between the two can be an indication of an XSS attack. This paper applies a back-off smoothing technique to effectively detect the presence of malicious JavaScript code in response pages. The proposed approach has been applied for a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks and suffer from low false positive rate through proper choice of threshold values of KLD. Further, the performance overhead has been found to be negligible.
31

Ankit, Mistry Mahima. "Unveiling the Underbelly of Web Application Vulnerabilities: A Critical Exploration." International Journal for Research in Applied Science and Engineering Technology 12, no. 10 (2024): 485–90. http://dx.doi.org/10.22214/ijraset.2024.64566.

Abstract:
This study reveals web application weaknesses and demonstrates how frequent security flaws permit unauthorized entry to web solutions. Many web applications are at risk due to the secrecy of the data they store. Recognizing this theme plays a key role in identifying the threats in play. We examined the OWASP's Top 10 weaknesses together with Session Hijacking and Weak Password Management. Violent Monkey shows the methods to take advantage of this breach by mixing practical exploration with tools, including Burp Suite and Nmap, Wireshark, and browser extensions Cookie Editor. With Cookie Editor at hand, session hijacking happens in a moment as session cookies can be easily gathered with Google Dorking and transmitted to a premium account. Violent monkey effectively represents a key illustration of privilege escalation. An authorized user can access premium features by placing a script in the client component of a web service. Errors occur in managing passwords because a 10-thousand-character password gets made and endorsed without input validation from the system. Thanks to these weaknesses, hackers gain unauthorized access and compromise data. Investigating strong vulnerability management motivates this project and encourages additional research into how machine learning can identify weaknesses and provide timely threat-related data
32

Dr., AMMAR ALDALLAL, and KASHIF SHABBIR Dr. "Protecting Web Applications from Cross-Site Scripting Attacks." JOURNAL OF APPLIED ENGINEERING RESEARCH 2017, no. 03 (2017): 18. https://doi.org/10.5281/zenodo.849089.

Abstract:
Existence of cross-site scripting (XSS) vulnerability can be traced back to 1995 during early days of Internet penetration. JavaScript, a programming language developed by Netscape, came into being around the same time. The noble intention of this programming language was for designing web applications to be more interactive. However, cyber criminals also learned how to trick users to load malicious scripts into websites, thus allowing them to access confidential data or compromise services. The enormity of such attacks prompted some organizations to engage in monitoring of XSS attacks and researching on new ways to defeat attacks that are similar to XSS worm on MySpace.com social networking site in 2005. The primary focus in this paper is to try to avoid execution of XSS attacks by providing proper validations and methods to clean the user input from any script tags. XSS attacks can be minimized by proper handling of user input in a web application, which means validating the input provided by the user and stripping it of any harmful code or tags.
33

Κουτουπές, Σ., Γ. Καραντώνης, Α. Σωτηριάδης, et al. "SEISIMPACT-THES: DESIGN, DEVELOPMENT AND APPLICATION OF AN INFORMATION SYSTEM TO ASSESS THE VULNERABILITY TO EARTHQUAKE HAZARD OF THE BUILT ENVIRONMENT OF THE PREFECTURE OF THESSALONIKI." Bulletin of the Geological Society of Greece 36, no. 3 (2004): 1328. http://dx.doi.org/10.12681/bgsg.16477.

Abstract:
The scope of the present work is to organize into a digital form and evaluate the excellent record of reported damages, connected to the occurrence of the 1978 Thessaloniki earthquake (M 6.5). For this purpose an advanced Information System with open architecture is under development. The system will include:
• A properly designed database.
• A Geographic Information System containing all the above data (after digitization and corrections) enriched with more recent data, as well as topographic, geological and geophysical data of the region (metropolitan area of Thessalonica).
• A model system of accessing the above via web and mobile devices.
The information system is designed with an open architecture so it can be easily adapted for use with similar data from other regions, and/or with other geographically distributed information with commercial importance. The data to be collected, stored and used will be described using XML language to facilitate communication among different applications and for flexible expansion to incorporate any new data types that have to be described and stored in the database. The use of XML is considered ideal both for back-end application logic, and as a platform for application and platforms integration. More specifically regarding the latter, methodologies will be developed for application integration based on XML-RPC and SOAP, which will enable flexible exchange of data with external systems and applications. The application will be available through the Internet so the interface of the application will be depicted through a Web Browser, using a desktop PC, a laptop, or - with some restrictions - a PDA.
34

Danuri, Muhamad, Heru Suistiyo, and Wahyono. "Evaluation of The Cyber Religious Education Media with PIECES Framework." Journal of Information Systems and Digital Technologies 2, no. 2 (2020): 58–71. http://dx.doi.org/10.31436/jisdt.v2i2.130.

Abstract:
Community users of digital technologies in the Internet and various facilities such as social media, internet, games and various other applications provide a variety of positive and negative effects. Efficiency, safety, comfort and effectiveness are positives of this technology but there are also negative impacts such as the decline of social behavior, crime and moral vulnerability. Although there have been internet ethical guidelines such as Cyber Ethics, they have not been able to play a maximum role in controlling the negative impact. Cyber religious is a model of internet user control of amoral and criminal acts, which can be applied to various elements related to the internet world. One of the applications of cyber religious for internet user control is an application that can detect immoral behavior or crime on the internet through detection on the browser used. It's so easy for someone to access internet information, resulting in uncontrolled Internet users. This can lead to problems such as dangerous access to cysts, pornography, crime, cruelty, abnormal behavior and committing criminal acts to others. Cyber religious processing checks the internet access of a person; if any indication of immorality or crime is found, then the system will provide a warning and/or provide other, more useful information. This research provides various models of cyber religious architecture with adoptation from some research about connection control with internet network. Each model influences different communities' access, from small office (LAN), large office (MAN), access from any country and access to the world.
35

Fu, Yu, Bin Yang, Yaoyuan Cui, et al. "BRD4 inhibition impairs DNA mismatch repair, induces mismatch repair mutation signatures and creates therapeutic vulnerability to immune checkpoint blockade in MMR-proficient tumors." Journal for ImmunoTherapy of Cancer 11, no. 4 (2023): e006070. http://dx.doi.org/10.1136/jitc-2022-006070.

Abstract:
Background: Mismatch repair deficiency (dMMR) is a well-recognized biomarker for response to immune checkpoint blockade (ICB). Strategies to convert MMR-proficient (pMMR) to dMMR phenotype with the goal of sensitizing tumors to ICB are highly sought. The combination of bromodomain containing 4 (BRD4) inhibition and ICB provides a promising antitumor effect. However, the mechanisms underlying remain unknown. Here, we identify that BRD4 inhibition induces a persistent dMMR phenotype in cancers.
Methods: We confirmed the correlation between BRD4 and mismatch repair (MMR) by the bioinformatic analysis on The Cancer Genome Atlas and Clinical Proteomic Tumor Analysis Consortium data, and the statistical analysis on immunohistochemistry (IHC) scores of ovarian cancer specimens. The MMR genes (MLH1, MSH2, MSH6, PMS2) were measured by quantitative reverse transcription PCR, western blot, and IHC. The MMR status was confirmed by whole exome sequencing, RNA sequencing, MMR assay and hypoxanthine-guanine phosphoribosyl transferase gene mutation assay. The BRD4i AZD5153 resistant models were induced both in vitro and in vivo. The transcriptional effects of BRD4 on MMR genes were investigated by chromatin immunoprecipitation among cell lines and data from the Cistrome Data Browser. The therapeutic response to ICB was testified in vivo. The tumor immune microenvironment markers, such as CD4, CD8, TIM-3, FOXP3, were measured by flow cytometry.
Results: We identified the positive correlation between BRD4 and MMR genes in transcriptional and translational aspects. Also, the inhibition of BRD4 transcriptionally reduced MMR genes expression, resulting in dMMR status and elevated mutation loads. Furthermore, prolonged exposure to AZD5153 promoted a persistent dMMR signature both in vitro and in vivo, enhancing tumor immunogenicity, and increased sensitivity to α-programmed death ligand-1 therapy despite the acquired drug resistance.
Conclusions: We demonstrated that BRD4 inhibition suppressed expression of genes critical to MMR, dampened MMR, and increased dMMR mutation signatures both in vitro and in vivo, sensitizing pMMR tumors to ICB. Importantly, even in BRD4 inhibitors (BRD4i)-resistant tumor models, the effects of BRD4i on MMR function were maintained rendering tumors sensitive to ICB. Together, these data identified a strategy to induce dMMR in pMMR tumors and further, indicated that BRD4i sensitive and resistant tumors could benefit from immunotherapy.
36

Di Girolamo, G., S. Peracchia, M. Boero, I. F. Bracco, and F. Oliva. "Streptococcal infections, autoimmunity, and innate immune system in adult ADHD: A preliminary study." European Psychiatry 65, S1 (2022): S335. http://dx.doi.org/10.1192/j.eurpsy.2022.853.

Abstract:
Introduction High rate of streptococcus-like infections and related titers has been found in adult ADHD patients. No studies have expressively investigated innate immune system in ADHD patients. Objectives To evaluate the relationship between streptococcal infections, autoimmunity and innate immune system in adult ADHD patients. Methods The study sample consisted of adult DSM-5 ADHD outpatients referring to the adult ADHD center of “San Luigi Gonzaga” University Hospital and non-clinical adult controls recruited among general population (screened using Adult ADHD Self-Report Scale - ASRS-v.1). All titers were determined in patients’ plasma by specific microwell ELISA kits, whereas genetic polymorphisms were determined by PCR methodology. We compared anti-streptolysin O (ASO), anti-deoxyribonuclease B (anti-DNase B), and anti-basal ganglia antibodies (ABGA) titers of patients with those of controls. Data about history of previous streptococcus/ streptococcus-like infections were collected by ad-hoc form. Furthermore, to investigate the susceptibility to Gram+-borne infections of adult ADHD patients, due to innate immune system impairment, we also evaluated the polymorphism of Toll-like receptors 2, 4, and 9. Results Although ADHD patients did not show higher rate of both previous infections (52.7% vs. 66.7%, p=.678) and ASO titers (18.2% vs. 0.0%, p=.577), they had really higher levels of anti-DNase B (85.5% vs. 16.7%, p=.001) and ABGA titers (78.2% vs. 33.3%, p=.036). Genetic analysis did not underline differences in polymorphism compared to general population (GENOME browser). Conclusions The high association between previous streptococcal infections, basal ganglia autoimmunity among ADHD patients was confirmed. TLR polymorphism does not seem to be involved in this type of vulnerability. Disclosure No significant relationships.
37

Alves, Flaviano de Souza. "CRIMINALIDADE NA DEEP WEB." Revista da Escola Superior de Guerra 33, no. 67 (2019): 123–41. http://dx.doi.org/10.47240/revistadaesg.v33i67.910.

Abstract:
Man manages to communicate with the entire world through the Internet and has awakened to this era of innovations and technological growth. Although it seems that ties between people from several parts of the world have been strengthened with the emergence of such networks, at the same time, this practice has increased the vulnerability of people. The paper aims to show the criminal acts network within the Deep Web. The rationale for this study is the rising interest in the subject, especially in the academic, military, defense and security areas and in police areas, seeking as well the great need to inform, analyze, investigate and alert all citizens about the dangers and the threats society has been exposed to. It is necessary to continue with new research and point out original mechanisms to combat these cyber crimes, develop better software (browser, antivirus, firewall, etc.) and its ideal configuration for secure access to this network layer. At Deep Web, the search depends on everyone’s choice.
38

Nasenok, Kyrylo, and Maria Voitsekhovska. "Client-side rendering issues in the modern worldwide networ." Technical sciences and technologies, no. 4 (38) (December 30, 2024): 197–207. https://doi.org/10.25140/2411-5363-2024-4(38)-197-207.

Abstract:
Client-side rendering is an approach to rendering web applications, allowing content to be processed and displayed directly in a browser. This method enables web developers to create modular and component-based code that is easily extendable, reusable, and simplifies application maintenance. Client-side rendering has revolutionized the web industry, as evidenced by its widespread adoption: as of 2024, approximately 9.5 million websites, or 8% of all active websites worldwide, use this approach, handling approximately 17% of total global web traffic. Despite its advantages, client-side rendering has certain limitations. It can affect various aspects of security and SEO optimization due to increased vulnerability to attacks and challenges in search engine indexing. The most significant drawback of this approach is the substantial increase in the size of files required for complete application loading and rendering. While this is not critical for smaller projects, it can be a significant strain on network resources for large, high-traffic sites with millions of daily visitors. This requires careful attention to content optimization and the use of additional tools to maintain stable application performance. The problem highlights the growth of global web traffic in recent years and the need to optimize this traffic, as it grows faster than the physical communications infrastructure that carries it around the world. It also underscores that while client-side rendering enhances development ease, maintainability, and application performance, it introduces new challenges such as increased application file size, SEO issues, and resource allocation difficulties. This article provides an overview of current issues with client-side rendering and their impact on the performance and functionality of web applications. 
It analyses the most common client-side rendering issues, including challenges with search engines, usability on low-performance devices, and the large file sizes required to render and display the application. It also examines practices and approaches for addressing these issues. Future research should focus on optimising existing solutions and migrating current projects to technologies that address client-side rendering challenges, such as server-side rendering and static page generation. In addition, it is important to investigate potential migration difficulties, as these methods require more server-side processing, which adds additional semantics, configuration and deployment work to the project.
39

Movahedi, Yazdan, Michel Cukier, Ambrose Andongabo, and Ilir Gashi. "Cluster-based vulnerability assessment of operating systems and web browsers." Computing 101, no. 2 (2018): 139–60. http://dx.doi.org/10.1007/s00607-018-0663-0.

40

Algarni, Abdullah M. "The Historical Relationship between the Software Vulnerability Lifecycle and Vulnerability Markets: Security and Economic Risks." Computers 11, no. 9 (2022): 137. http://dx.doi.org/10.3390/computers11090137.

Abstract:
Vulnerability lifecycles and the vulnerability markets are related in a manner that can lead to serious security and economic risks, especially regarding black markets. In the current era, this is a relationship that requires careful scrutiny from society as a whole. Therefore, in this study, we analyzed the actual data relating to vulnerability-regulated markets in the case of two well-known browsers, Firefox and Chrome. Our analysis shows that financial reward is the main motivation for most discoverers, whose numbers are increasing every year. In addition, we studied the correlation between vulnerability markets and the vulnerability lifecycle from many perspectives, including theoretical concepts, and statistical approaches. Furthermore, we discussed the potential risks for people and organizations in terms of security and economics. We believe that money is the main motivation in vulnerability markets and that the latter are, in turn, the main driver of the vulnerability lifecycle, which presents several risks to the software industry and to society itself. Thus, in our opinion, if vulnerability markets can be controlled, the vulnerability lifecycle will be reduced or eliminated, along with its associated risks.
41

Joh, HyunChul. "Software Risk Assessment for Windows Operating Systems with respect to CVSS." European Journal of Engineering Research and Science 4, no. 11 (2019): 41–45. http://dx.doi.org/10.24018/ejers.2019.4.11.1610.

Abstract:
CVSS is recognized as a de facto standard for categorizing and measuring software vulnerabilities in both how easy for exploitation for the given security bug and how much impact on a system having the vulnerability in a sense of the three security factors. Meanwhile, since the early 2000s, quantitative risk assessments of software systems had been able to be examined thanks to the accumulated enough datasets for a scientific investigation. However, there are still a lot of research attempts not to be taken in a quantitative examination of software risk assessments. In this paper, we are quantitatively analyzing CVSS scores in vulnerabilities from the three most recent Windows products, namely, Windows 7, Windows 8.1 and Windows 10. The result shows that AML vulnerability discovery model represents Windows vulnerability discovery trend reasonably. Furthermore, we found explicitly that, most of the time, security bugs are compromised with no authentication required systems. This result is corresponding with the output from the previous research based on Web browsers.
42

Joh, HyunChul. "Software Risk Assessment for Windows Operating Systems with respect to CVSS." European Journal of Engineering and Technology Research 4, no. 11 (2019): 41–45. http://dx.doi.org/10.24018/ejeng.2019.4.11.1610.

Abstract:
CVSS is recognized as a de facto standard for categorizing and measuring software vulnerabilities in both how easy for exploitation for the given security bug and how much impact on a system having the vulnerability in a sense of the three security factors. Meanwhile, since the early 2000s, quantitative risk assessments of software systems had been able to be examined thanks to the accumulated enough datasets for a scientific investigation. However, there are still a lot of research attempts not to be taken in a quantitative examination of software risk assessments. In this paper, we are quantitatively analyzing CVSS scores in vulnerabilities from the three most recent Windows products, namely, Windows 7, Windows 8.1 and Windows 10. The result shows that AML vulnerability discovery model represents Windows vulnerability discovery trend reasonably. Furthermore, we found explicitly that, most of the time, security bugs are compromised with no authentication required systems. This result is corresponding with the output from the previous research based on Web browsers.
43

Zahro, Avidah Amalia. "Development and Analysis Report Information System Quality Web-Based Student Learning Outcomes at SMK Negeri 1 Banyumas." Jurnal Manajemen Informatika Medicom (JMI) 10, no. 2 (2022): 14–20. http://dx.doi.org/10.35335/jmi.v10i2.3.

Abstract:
The purpose of this study was to develop an information system for reporting student learning outcomes at SMK Negeri 1 Banyumas, knowing the level of quality of the information system reporting student learning outcomes based on quality testing in accordance with ISO 25010 standards. The method used in this study was Research and Development (R&D). The development of this information system is carried out in 4 stages according to the waterfall method, namely the analysis stage, the design stage, the coding or implementation stage and the testing stage. The results of this study are 1) a web-based student learning outcome report information system developed with the Codeigniter 3.0 framework and has the main features to import, manage, print, and display student report cards. 2) the test results show that the information system has met the ISO 25010 standard in aspects (1) functional suitability runs 100% and has a value of X=1; (2) performance efficiency can load pages in 3.2 seconds, PageSpeed performance of 94% (grade A) and YSlow of 90% (grade A); (3) usability, the percentage value is 84.69%; (4) security, with the level of vulnerability to attacks at level 1 (low); (5) reliability, with 100% session, hits and pages results; (6) maintainability has a maintainability index value of 68.28; (7) portability ran successfully on 5 different desktop browsers tested without error.
44

Kang, Seokchan, and Jiyeong Lee. "Developing a Tile-Based Rendering Method to Improve Rendering Speed of 3D Geospatial Data with HTML5 and WebGL." Journal of Sensors 2017 (2017): 1–11. http://dx.doi.org/10.1155/2017/9781307.

Abstract:
A dedicated plug-in has been installed to visualize three-dimensional (3D) city modeling spatial data in web-based applications. However, plug-in methods are gradually becoming obsolete, owing to their limited performance with respect to installation errors, unsupported cross-browsers, and security vulnerability. Particularly, in 2015, the NPAPI service was terminated in most existing web browsers except Internet Explorer. To overcome these problems, the HTML5/WebGL (next-generation web standard, confirmed in October 2014) technology emerged. In particular, WebGL is able to display 3D spatial data without plug-ins in browsers. In this study, we attempted to identify the requirements and limitations of displaying 3D city modeling spatial data using HTML5/WebGL, and we propose alternative ways based on the bin-packing algorithm that aggregates individual 3D city modeling data including buildings in tile units. The proposed method reduces the operational complexity and the number and volume of transmissions required for rendering processing to improve the speed of 3D data rendering. The proposed method was validated on real data for evaluating its effectiveness in 3D visualization of city modeling data in web-based applications.
45

D’Arienzo, Maurizio, and Serena Gracco. "A Survey on CDN Vulnerability to DoS Attacks." International journal of Computer Networks & Communications 15, no. 5 (2023): 127–45. http://dx.doi.org/10.5121/ijcnc.2023.15508.

Abstract:
Content Delivery Networks (CDN), or “content distribution networks”, have been introduced to improve performance, scalability, and security of data distributed through the web. To reduce the response time of a web page when certain content is requested, the CDN redirects requests from users’ browsers to geographically distributed surrogate nodes, thus having a positive impact on the response time and network load. As a side effect, the surrogate servers manage possible attacks, especially denial of service attacks, by distributing the considerable amount of traffic generated by malicious activities among different data centers. Some CDNs provide additional services to normalize traffic and filter intrusion attacks, thus further mitigating the effects of possible unpleasant scenarios. Despite the presence of these native protective mechanisms, a malicious user can undermine the stability of a CDN by generating a disproportionate amount of traffic within a CDN thanks to endless cycles of requests circulating between nodes of the same network or between several distinct networks. We refer in particular to Forwarding Loops Attacks, a collection of techniques that can alter the regular forwarding process inside CDNs. In this paper, we analyze the vulnerability of some commercial CDNs to this type of attack and then propose some possible useful defensive strategies.
46

Cubas, Jonay, Severin D. H. Irl, Rafael Villafuerte, et al. "Endemic plant species are more palatable to introduced herbivores than non-endemics." Proceedings of the Royal Society B: Biological Sciences 286, no. 1900 (2019): 20190136. http://dx.doi.org/10.1098/rspb.2019.0136.

Abstract:
Islands harbour a spectacular diversity and unique species composition. This uniqueness is mainly a result of endemic species that have evolved in situ in the absence of mammal herbivores. However, island endemism is under severe threat by introduced herbivores. We test the assumption that endemic species are particularly vulnerable to generalist introduced herbivores (European rabbit) using an unprecedented dataset covering an entire island with enormous topographic, climatic and biological diversity (Tenerife, Canary Islands). With increasing endemism, plant species are more heavily browsed by rabbits than non-endemic species with up to 67% of endemics being negatively impacted by browsing, indicating a dramatic lack of adaptation to mammal herbivory in endemics. Ecosystems with high per cent endemism are most heavily browsed, suggesting ecosystem-specific vulnerability to introduced herbivores, even within islands. Protection of global biodiversity caused by disproportionally high endemism on oceanic islands via ecosystem-specific herbivore control and eradication measures is of utmost importance.
47

Veprev, Sergei B., Sergei A. Nesterovich, and Aleksandr V. Makarov. "VULNERABILITY ANALYSIS IN OPERATING SYSTEMS AND APPLICATION SOFTWARE PRODUCTS." RSUH/RGGU Bulletin. Series Information Science. Information Security. Mathematics, no. 1 (2025): 95–105. https://doi.org/10.28995/2686-679x-2025-1-95-105.

Abstract:
The article’s abstract deals in studying the modern cybersecurity issues and the analysis of vulnerabilities identified in 2024 in operating systems (OS) and application software products (ASP). The main types of vulnerabilities are considered, including zero-day vulnerabilities, memory management issues, flaws in OS kernels, and authentication mechanisms. The article describes modern methods for detecting those vulnerabilities, such as static code analysis, fuzzing, and penetration testing. Special attention is given to threats in products by Ivanti, Microsoft, and popular web browsers. The importance of using monitoring systems (e.g. Splunk and ELK Stack) for event analysis and applying secure development methodologies like DevSecOps, which help to integrate security at all stages of the software development lifecycle, is emphasized. The article highlights the necessity of a comprehensive approach to protection and the use of advanced technologies, including machine learning and virtual containers, to enhance the security of information systems and ensure rapid response to threats. It is emphasized that only such an approach can significantly reduce the risks of cyberattacks and provide more reliable data protection. The conclusion emphasizes the necessity of a comprehensive approach to analyzing software security, in which promising toolkits using machine learning methods and virtual containers occupy an important place.
48

Haff, Tonya M., and Robert D. Magrath. "To call or not to call: parents assess the vulnerability of their young before warning them about predators." Biology Letters 9, no. 6 (2013): 20130745. http://dx.doi.org/10.1098/rsbl.2013.0745.

Abstract:
Communication about predators can reveal the effects of both conspecific and heterospecific audiences on signalling strategy, providing insight into signal function and animal cognition. In species that alarm call to their young, parents face a fundamental dilemma: calling can silence noisy offspring and so make them less likely to be overheard, but can also alert predators that young are nearby. Parents could resolve this dilemma by being sensitive to the current vulnerability of offspring, and calling only when young are most at risk. Testing whether offspring vulnerability affects parental strategy has proved difficult, however, because more vulnerable broods are often also more valuable. We tested experimentally whether parent white-browed scrubwren, Sericornis frontalis, assessed brood noisiness when alarm calling near nests. When a model predator was nearby, parents gave more alarm calls when playbacks simulated noisy broods, yet brood noisiness did not affect adult calling when only a control model was present. Parents were therefore sensitive to the tradeoff between silencing young and alerting predators to the presence of nests. Our study demonstrates that receiver vulnerability can affect signalling decisions in species other than primates.
49

Riadi, Imam, Rusydi Umar, and Tri Lestari. "Analisis Kerentanan Serangan Cross Site Scripting (XSS) pada Aplikasi Smart Payment Menggunakan Framework OWASP." JISKA (Jurnal Informatika Sunan Kalijaga) 5, no. 3 (2020): 146. http://dx.doi.org/10.14421/jiska.2020.53-02.

Abstract:
E-commerce that is growing so rapidly can provide space for unauthorized parties in carrying out cybercrime, security anticipation is needed so that e-commerce applications can be protected from harassment or hacking attacks such as cross-site scripting (XSS), malware, exploits, and database injection. This research was conducted to determine the vulnerability of the Smart Payment application by self-test using the ZAP tool. This test is carried out to secure applications that serve as recommendations for follow-up in securing the Smart Payment application. The results of this study found vulnerabilities in the Smart Payment application. Vulnerabilities found were Information Disclosure-Suspicious Comments, X-Frame-Options Header not Set, X-Content-Type-Options Header Missing, Timestamp Disclosure-Unix, XSS Protection Not Enabled Web Browsers, and Directory Browsing. In addition to obtaining vulnerabilities from the Smart Payment application, solutions are also provided to overcome vulnerabilities in the Smart Payment application.
50

Pan, Jiaye, and Yi Zhuang. "PMCAP: A Threat Model of Process Memory Data on the Windows Operating System." Security and Communication Networks 2017 (2017): 1–15. http://dx.doi.org/10.1155/2017/4621587.

Abstract:
Research on endpoint security involves both traditional PC platform and prevalent mobile platform, among which the analysis of software vulnerability and malware is one of the important contents. For researchers, it is necessary to carry out nonstop exploration of the insecure factors in order to better protect the endpoints. Driven by this motivation, we propose a new threat model named Process Memory Captor (PMCAP) on the Windows operating system which threatens the live process volatile memory data. Compared with other threats, PMCAP aims at dynamic data in the process memory and uses a noninvasive approach for data extraction. In this paper we describe and analyze the model and then give a detailed implementation taking four popular web browsers IE, Edge, Chrome, and Firefox as examples. Finally, the model is verified through real experiments and case studies. Compared with existing technologies, PMCAP can extract valuable data at a lower cost; some techniques in the model are also suitable for memory forensics and malware analysis.