Journal articles on the topic 'Client-side Web Security'

Consult the top 25 journal articles for your research on the topic 'Client-side Web Security.'

1

Shahriar, Hossain, and Hisham M. Haddad. "Client-Side Detection of Clickjacking Attacks." International Journal of Information Security and Privacy 9, no. 1 (January 2015): 1–25. http://dx.doi.org/10.4018/ijisp.2015010101.

Abstract:
Clickjacking attacks are an emerging threat for web application users, where click operations performed by victims lead to security breaches such as compromising webcams and posting unintended messages. An effective client-side defense technique could prevent the possible victims. This paper presents a client-side approach to detect clickjacking attacks. The authors' approach examines web page requests and responses; the proposed approach is designed to detect advanced attack types such as cursorjacking, double click, and history object-based attacks. They evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that our approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.
2

., Archana B. Kadga. "IDENTITY BASED CRYPTOGRAPHY FOR CLIENT SIDE SECURITY IN WEB APPLICATIONS (WEBIBC)." International Journal of Research in Engineering and Technology 03, no. 15 (May 25, 2014): 181–86. http://dx.doi.org/10.15623/ijret.2014.0315034.

3

Shukla, Samiksha, D. K. Mishra, and Kapil Tiwari. "Performance Enhancement of Soap Via Multi Level Caching." Mapana - Journal of Sciences 9, no. 2 (November 30, 2010): 47–52. http://dx.doi.org/10.12723/mjs.17.6.

Abstract:
Due to the complex infrastructure of web applications, the response time for different service requests by clients is significantly larger. Simple Object Access Protocol (SOAP) is a recent and emerging technology in the field of web services, which aims at replacing traditional methods of remote communications. The basic aim of designing SOAP was to increase interoperability among a broad range of programs and environments; SOAP allows applications from different languages, installed on different platforms, to communicate with each other over the network. Web services demand security, high performance and extensibility. SOAP provides various benefits for interoperability, but we need to pay the price of performance degradation and security for that. This makes SOAP a poor preference for high performance web services. In this paper we present a new approach by enabling multi-level caching at the client side as well as the server side. Reference describes implementation based on the Apache Java SOAP client, which gives radically enhanced performance.
4

Lesko, S. A. "Models and scenarios of implementation of threats for internet resources." Russian Technological Journal 8, no. 6 (December 18, 2020): 9–33. http://dx.doi.org/10.32362/2500-316x-2020-8-6-9-33.

Abstract:
To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.
5

Liu, Bing Qi, Hui Lan Jiang, and Jing Peng Wang. "Client-Side in Management System of Transmission Line Passage Protection Based on Android." Advanced Materials Research 986-987 (July 2014): 2139–42. http://dx.doi.org/10.4028/www.scientific.net/amr.986-987.2139.

Abstract:
To overcome the shortcoming of lack of real-time in traditional latent troubles information management, a transmission line passage protection system (TLPPS) Android client-side is developed in this paper. Based on Android mobile’s real-time communication and good development performance, the Android client is used to record the information of latent trouble. Web Service is adopted to realize the wireless communication between client and server, then the real-time upload and updating is realized, thus improving the accuracy and making it possible for the administrator to put up with the advice of dealing with the latent trouble in time. The security of the power system is guaranteed.
6

Hall, Calum, Lynsay Shepherd, and Natalie Coull. "BlackWatch: Increasing Attack Awareness within Web Applications." Future Internet 11, no. 2 (February 15, 2019): 44. http://dx.doi.org/10.3390/fi11020044.

Abstract:
Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. While prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behavior from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyzes suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behavior. This approach avoids issues typically encountered with traditional web application firewalls. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user-friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.
7

Hossain, Md Shohrab, Arnob Paul, Md Hasanul Islam, and Mohammed Atiquzzaman. "Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks." Network Protocols and Algorithms 10, no. 1 (April 1, 2018): 83. http://dx.doi.org/10.5296/npa.v10i1.12478.

Abstract:
Web communications between the server and the client are being used extensively. However, session hijacking has become a critical problem for most of the client-server communications. Among different session hijacking attacks, SSL stripping is the most dangerous attack. There are a number of measures proposed to prevent SSL stripping-based session hijacking attacks. However, existing surveys did not summarize all the preventive measures in a comprehensive manner (without much illustration and categorization). The objective of this paper is to provide a comprehensive survey of existing measures against SSL stripping-based session hijacking attacks and compare those measures. In this paper, we have classified all the existing preventive measures for SSL stripping-based session hijacking attacks into two main categories: client-side measures and server-side measures. We have illustrated the proposed solutions comprehensively with useful diagrams for clarification. We have also compared them based on different performance criteria. This paper will help web security researchers to have a comparative analysis of all solutions for the SSL stripping-based attacks, thereby improving existing solutions to better protect the users from session hijacking attacks.
8

Cerny, Tomas, Miroslav Macik, Michael Donahoo, and Jan Janousek. "On distributed concern delivery in user interface design." Computer Science and Information Systems 12, no. 2 (2015): 655–81. http://dx.doi.org/10.2298/csis141202021c.

Abstract:
Increasing demands on user interface (UI) usability, adaptability, and dynamic behavior drive ever-growing development and maintenance complexity. Traditional UI design techniques result in complex descriptions for data presentations with significant information restatement. In addition, multiple concerns in UI development lead to descriptions that exhibit concern tangling, which results in high fragment replication. Concern-separating approaches address these issues; however, they fail to maintain the separation of concerns for execution tasks like rendering or UI delivery to clients. During the rendering process at the server side, the separation collapses into entangled concerns that are provided to clients. Such client-side entanglement may seem inconsequential since the clients are simply displaying what is sent to them; however, such entanglement compromises client performance as it results in problems such as replication, fragment granularity ill-suited for effective caching, etc. This paper considers advantages brought by concern-separation from both perspectives. It proposes an extension to the aspect-oriented UI design with distributed concern delivery (DCD) for client-server applications. Such an extension lessens the server-side involvement in UI assembly and reduces the fragment replication in provided UI descriptions. The server provides clients with individual UI concerns, and they become partially responsible for the UI assembly. This change increases client-side concern reuse and extends caching opportunities, reducing the volume of transmitted information between client and server to improve UI responsiveness and performance. The underlying aspect-oriented UI design automates the server-side derivation of concerns related to data presentations adapted to runtime context, security, conditions, etc. Evaluation of the approach is considered in a case study applying DCD to an existing, production web application. Our results demonstrate decreased volumes of UI descriptions assembled by the server-side and extended client-side caching abilities, reducing required data/fragment transmission, which improves UI responsiveness. Furthermore, we evaluate the potential benefits of DCD integration implications in selected UI frameworks.
9

Čepický, Jáchym, and Luís Moreira de Sousa. "New implementation of OGC Web Processing Service in Python programming language. PyWPS-4 and issues we are facing with processing of large raster data using OGC WPS." ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences XLI-B7 (June 22, 2016): 927–30. http://dx.doi.org/10.5194/isprsarchives-xli-b7-927-2016.

Abstract:
The OGC® Web Processing Service (WPS) Interface Standard provides rules for standardizing inputs and outputs (requests and responses) for geospatial processing services, such as polygon overlay. The standard also defines how a client can request the execution of a process, and how the output from the process is handled. It defines an interface that facilitates publishing of geospatial processes and client discovery of processes and binding to those processes into workflows. Data required by a WPS can be delivered across a network or they can be available at a server.

PyWPS was one of the first implementations of OGC WPS on the server side. It is written in the Python programming language and it tries to connect to all existing tools for geospatial data analysis, available on the Python platform. During the last two years, the PyWPS development team has written a new version (called PyWPS-4) completely from scratch.

The analysis of large raster datasets poses several technical issues in implementing the WPS standard. The data format has to be defined and validated on the server side and binary data have to be encoded using some numeric representation. Pulling raster data from remote servers introduces security risks; in addition, running several processes in parallel has to be possible, so that system resources are used efficiently while preserving security. Here we discuss these topics and illustrate some of the solutions adopted within the PyWPS implementation.
10

Čepický, Jáchym, and Luís Moreira de Sousa. "New implementation of OGC Web Processing Service in Python programming language. PyWPS-4 and issues we are facing with processing of large raster data using OGC WPS." ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences XLI-B7 (June 22, 2016): 927–30. http://dx.doi.org/10.5194/isprs-archives-xli-b7-927-2016.

11

Srivastava, Tushar, Ashutosh Pandey, and Rizwan Khan. "A Study of Node.js Using Injection Vulnerabilities." International Journal of Advanced Research in Computer Science and Software Engineering 8, no. 5 (June 2, 2018): 64. http://dx.doi.org/10.23956/ijarcsse.v8i5.666.

Abstract:
The Node.js community has prompted the making of numerous applications, for example, server-side web applications and work area applications. Not at all like client side JavaScript code, Node.js applications can collaborate uninhibitedly with the working framework without the advantages of a security sandbox. The mind boggling exchange between Node.js modules prompts unobtrusive infusion vulnerabilities being presented crosswise over module limits. This paper displays a substantial scale consider crosswise over 235,850 Node.js modules to investigate such vulnerabilities. We demonstrate that infusion vulnerabilities are predominant practically speaking, both due to eval, which was already examined for program code, and because of the effective executive API presented in Node.js. Our investigation demonstrates that a great many modules might be helpless against charge infusion assaults and that notwithstanding for prominent undertakings it requires long investment to settle the issue.
12

Bilal, Muhammad, Muhammad Asif, and Abid Bashir. "Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications." Security and Communication Networks 2018 (November 1, 2018): 1–10. http://dx.doi.org/10.1155/2018/6315039.

Abstract:
It is increasingly difficult to manage the user identities (IDs) of rapidly developing and numerous types of online web-based applications in the present era. An innovative ID management system is required for managing the user IDs. The OpenID lightweight protocol is a better solution to manage the user IDs. In an OpenID communication environment, OpenID URL is not secured in a session hijacking situation because in other existing OpenID communication methods such as double factor authentication has more chances of valid user session hijacked. The proposed communication protocol secures the OpenID URL with the help of additional innovative parameters such as Special Alphanumeric String (SAS) and Special Security PIN (SSP). The anticipated triple authentication protocol authenticated client unique OpenID URL at OpenID Provider (OP) side once and SAS and SSP field at Relying Party (RP) side. The anticipated protocol provides unique Single-Sign-On (SSO) services to OpenID users. The experimental website is tested by experts of web developers for avoiding session hijacking situation in the presence of hackers. The findings demonstrated that Dense Authentication Authorization and Accounting (DAAA) protocol minimizes the risk of a session hijacking in OpenID communication environment.
13

Boreiko, Maksym, and Mykola Budnyk. "Development of the Remote Heart Health Monitoring System." Cybernetics and Computer Technologies, no. 2 (June 30, 2021): 90–98. http://dx.doi.org/10.34229/2707-451x.21.2.10.

Abstract:
Introduction. Cardiovascular disease (CVD) is the most common cause of death worldwide. This problem is especially relevant for Ukraine, where CVD accounts for more than 68% of all deaths. At the same time, in terms of population mortality rate (15.3 ‰), Ukraine is ahead of all European countries. Electrocardiography is the most useful diagnostic tool. Nowadays a lot of portable ECG devices are available on the market, which makes ECG accessible for each patient directly from home. Remote monitoring of patients with CVD is a very necessary solution, which can save patient’s lives, doctor’s time and hospital’s money. Existing remote monitoring solutions don't provide enough cyber security and scalability, especially in the context of tight regulation of medical software in the European Union. The purpose of the article is to develop a cloud-based software solution for remote monitoring of patients with CVD using a portable ECG device. We propose the full architecture, which includes server-side components (databases, computational resources, gateways, queues, load balancers and others) and client-side components (mobile app for the Android and iOS and web browser app). Results. We proposed, designed, implemented and tested the full end-to-end Cloud-based solution for remote monitoring of patients with CVD. Security of the system is ensured by dividing the single database to three separate databases (database with patient’s data, database with ECG data and mapping database), hiding all server components under the virtual private network, and transferring data via secure HTTPS connection. Conclusions. The developed system successfully solves its goals. It is being used now in the Finnish company Cardiolyse. Keywords: telemedicine, client-server, medical devices, electrocardiography, cybersecurity, heart rate variability
14

Et. al., Leelavathy S,. "A Secure Methodology to Detect and Prevent Ddos and Sql Injection Attacks." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 2 (April 11, 2021): 341–46. http://dx.doi.org/10.17762/turcomat.v12i2.722.

Abstract:
As most of the applications are hosted on the cloud, security is a major concern for the data owners. The cloud environment has to be secure and protect data owner data from cloud attacks. In this project work, we study about securing firewall against client side attacks namely Denial of firewall and SQL injection attacks. Denial of firewall is nothing but overloading the firewall by bursting n number of requests through vulnerable scripts. SQL injection attack is defined as bypassing the security protocols by malicious scripts. Thus we proposed to design and develop a web application to detect and prevent denial of firewall and SQL injection attacks. The denial of firewall attack can be performed using Java environment based servers and prevention can be performed using Digital Signature Algorithm (DSA) in which filter based approach and software puzzle based approach are performed to detect the malicious script based requests. Once the Deep Packet Inspection (DPI): filter based approach and software puzzle based approach are found satisfactory, only then would the request be processed. If the request is found malicious, the requested IP address would automatically be blocked. Various types of SQL injection attacks namely SQL login bypass, Blind injection, SQL sleep attack, Data fetching attack are analysed and performed. The SQL injection attack can be prevented using PREPARE statements. These statements are created to make the SQL queries more efficient and render security benefits. This statement provides effective prevention mechanism against SQL injection attacks. Thus our proposed solution provides high security against firewall attacks namely denial of firewall and SQL injection securing the data owner files and preventing compromising of firewall.
15

Zhang, Zhiyi, Michał Król, Alberto Sonnino, Lixia Zhang, and Etienne Rivière. "EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign On." Proceedings on Privacy Enhancing Technologies 2021, no. 2 (January 29, 2021): 70–87. http://dx.doi.org/10.2478/popets-2021-0018.

Abstract:
Anonymous credentials are a solid foundation for privacy-preserving Single Sign-On (SSO). They enable unlinkable authentication across domains and allow users to prove their identity without revealing more than necessary. Unfortunately, anonymous credentials schemes remain difficult to use and complex to deploy. They require installation and use of complex software at the user side, suffer from poor performance, and do not support security features that are now common, such as two-factor authentication, secret recovery, or support for multiple devices. In contrast, Open ID Connect (OIDC), the de facto standard for SSO is widely deployed and used despite its lack of concern for users’ privacy. We present EL PASSO, a privacy-preserving SSO system based on anonymous credentials that does not trade security for usability, and can be incrementally deployed at scale alongside Open ID Connect with no significant changes to end-user operations. EL PASSO client-side operations leverage a WebAssembly module that can be downloaded on the fly and cached by users’ browsers, requiring no prior software installation or specific hardware. We develop automated procedures for managing cryptographic material, supporting multi-device support, secret recovery, and privacy-preserving two-factor authentication using only the built-in features of common Web browsers. Our implementation using PS Signatures achieves 39x to 180x lower computational cost than previous anonymous credentials schemes, similar or lower sign-on latency than Open ID Connect and is amenable for use on mobile devices.
16

Shanmuga Priya, S., Dr A.Valarmathi, M. Rizwana, and Dr L.Mary Gladence. "Enhanced Mutual Authentication System in Mobile Cloud Environments." International Journal of Engineering & Technology 7, no. 3.34 (September 1, 2018): 192. http://dx.doi.org/10.14419/ijet.v7i3.34.18962.

Abstract:
Security is one of the significant worries of all associations which utilize online methods for interchanges particularly banks. Of this, customer side is most defenseless against hacking, as the framework can't be totally shut when use over web by a typical customer is to be permitted. Most frameworks utilize a static password-based verification strategy which is anything but difficult to hack. There are different other validation strategies existing like cards, biometric recognizable proof, and so on. These strategies give better security, however are not material to online customer correspondence as these techniques require extraordinary gadgets for their usage. One conceivable technique for applying an upgraded factor of verification for online access to the framework is a dynamic secret word. In this venture we can plan the validation framework in light of key age, confirmation age and OTP based framework. The keys are created progressively utilizing Mobile IMEI number and SIM card number. The OTP age utilizes the components that are novel to the client and is introduced on a PDA in Android stage and furthermore cloud server claimed by PHP server. An OTP is legitimate for a minute's time, after which it is pointless. The framework in this way gives better customer level security – a straightforward minimal effort strategy which shields framework from hacking strategies, for example, speculating assault, answer assault, stolen and verifier assault and adjustment assault.
17

Berti, G., G. Engelbrecht, J. Fingberg, G. Kohring, S. E. Middleton, R. Schmidt, and S. Benkner. "GEMSS: Grid-infrastructure for Medical Service Provision." Methods of Information in Medicine 44, no. 02 (2005): 177–81. http://dx.doi.org/10.1055/s-0038-1633941.

Abstract:
Summary Objectives: The European GEMSS Project is concerned with the creation of medical Grid service prototypes and their evaluation in a secure service-oriented infrastructure for distributed on demand/supercomputing. Key aspects of the GEMSS Grid middleware include negotiable QoS support for time-critical service provision, flexible support for business models, and security at all levels in order to ensure privacy of patient data as well as compliance to EU law. Methods: The GEMSS Grid infrastructure is based on a service-oriented architecture and is being built on top of existing standard Grid and Web technologies. The GEMSS infrastructure offers a generic Grid service provision framework that hides the complexity of transforming existing applications into Grid services. For the development of client-side applications or portals, a pluggable component framework has been developed, providing developers with full control over business processes, service discovery, QoS negotiation, and workflow, while keeping their underlying implementation hidden from view. Results: A first version of the GEMSS Grid infrastructure is operational and has been used for the set-up of a Grid test-bed deploying six medical Grid service prototypes including maxillofacial surgery simulation, neuro-surgery support, radio-surgery planning, inhaled drug-delivery simulation, cardiovascular simulation and advanced image reconstruction. Conclusions: The GEMSS Grid infrastructure is based on standard Web Services technology with an anticipated future transition path towards the OGSA standard proposed by the Global Grid Forum. GEMSS demonstrates that the Grid can be used to provide medical practitioners and researchers with access to advanced simulation and image processing services for improved preoperative planning and near real-time surgical support.
18

"Upgraded Web Architecture for Mail Security and Customization." International Journal of Innovative Technology and Exploring Engineering 9, no. 7 (May 10, 2020): 415–18. http://dx.doi.org/10.35940/ijitee.f4748.059720.

Abstract:
Here we are presenting a made sure about DNS with upgraded database which underpins on cloud mail server. DNS in general considered as a straightforward approach where content-based convention occurs, where at least one among the beneficiaries of a message are indicated along with the message content and possibly with additional encoded entities act on behalf of the supreme database. A remote server then receives the message employing a method of inquiries and responses among the client and the server. A server Mail Transfer Agent (MTA) or a Mail User Agent (MUA) which is the end client can be a customer in the SMTP server database. Here we present a technique-based security strategy called as guidance location framework (IDS) which follow the internet protocol (IP) subtleties, date, time and the secret key level of the programmer from the programmer's side. Programmer's area can be discovered utilizing their IP address. The subtleties will be put away in the database from the server side. The email or the DNS client associates with the server MTA through the communication port 25. Telnet program is the most commonly used to test the SMTP server. Upon request DNS doesn't permit one to pull messages from a remote server as it works on the conventional push protocol. With the goal that the primary article is to make protection conservation for the private database the proposed design executes this present reality mysterious database by actualizing the speculation and concealment. It manages forestalling pernicious gatherings and interruption utilizing trust mindful steering system with trust as an assistance. The proficiency and security of information can be accomplished by keeping up single database with explicit access rights. With the activity performed with IDS with ESMTP in Anonymous and Confidential Databases.
19

Sularso, Eko, Willy Sudiarto Rahardjo, and Yuan Lukito. "IMPLEMENTASI ALGORITMA RIJNDAEL 128 PADA APLIKASI CHATTING BERBASIS HTML5 WEBSOCKET." Jurnal Informatika 10, no. 2 (January 14, 2015). http://dx.doi.org/10.21460/inf.2014.102.326.

Abstract:
In the past, web-based chat applications didn’t consider security as part of the must-have requirements, thus many insecure examples were broken in a short time after they were released. Data sniffing is one common attack that could be used to attack insecure applications because the data was transferred using an insecure medium, which is HTTP. We propose a new web-based chat application that is built based on HTML5 WebSocket technology using Socket.IO library to improve confidentiality of the messages sent between two or multiple parties. We combine it with NodeJS and Express to facilitate real-time discussion between client and server and vice versa. We also use Rijndael (known as AES - Advanced Encryption Standard) to make sure that the message stays confidential and only known by sender and receiver. To satisfy the integrity property, we apply SHA-3 hash function. By combining SSL/TLS, AES, and SHA-3 hash function, we have added multiple layers of security inside this application and no additional effort is needed by the user. Based on conducted experiments, we can conclude that this application could satisfy security requirements (confidentiality and integrity), either on the client or server side.
20

Hatala, Zulkarnaen. "Prosedur efektif pengembangan aplikasi basis data." JSAI (Journal Scientific and Applied Informatics) 2, no. 1 (January 29, 2019). http://dx.doi.org/10.36085/jsai.v2i1.104.

Abstract:
Abstract—An efficient and quick procedure to build a web application is presented. The steps are intended to build a database application system with hundreds of tables. The procedure can minimize the tasks needed to write code and do manual programming line by line. The intention is also to rapidly build a web-based database application. In this method, security concerning authentication and authorization is already built in, ensuring the right and eligible access of the user to the system. The end result is a ready-to-use web-based 3-tier application. Moreover, the application is still flexible to be customized and enhanced to suit more specific requirements in each module of the software, in both the server-side and client-side programming code.

Abstract (Indonesian version)—This study proposes a fast and efficient procedure for developing database applications using an application generator. It aims to minimize the writing of programming code. The advantage of this procedure is that it can be used to develop database applications quickly, especially for database systems consisting of many tables. Access rights and standard security procedures are provided so that each user's rights to particular entities in the database are guaranteed. The generated result is a ready-to-use web-based database application. The resulting application system remains very flexible for adjusting each application component on both the server side and the client side.
21

HR, Mohith Gowda, Adithya MV, Gunesh Prasad S, and Vinay S. "Development of anti-phishing browser based on random forest and rule of extraction framework." Cybersecurity 3, no. 1 (October 14, 2020). http://dx.doi.org/10.1186/s42400-020-00059-1.

Abstract:
Phishing is a technique under Social Engineering attacks which is most widely used to get user sensitive information, such as login credentials and credit and debit card information, etc. It is carried out by a person masquerading as an authentic individual. To protect web users from these attacks, various anti-phishing techniques are developed, but they fail to protect the user from these attacks in various ways. In this paper, we propose a novel technique to identify phishing websites effortlessly on the client side by proposing a novel browser architecture. In this system, we use the rule of extraction framework to extract the properties or features of a website using the URL only. This list consists of 30 different properties of a URL, which will later be used by the Random Forest Classification machine learning model to detect the authenticity of the website. A dataset consisting of 11,055 tuples is used to train the model. These processes are carried out on the client side with the help of a redesigned browser architecture. Today researchers have come up with machine learning frameworks to detect phishing sites, but they are not in a state to be used by individuals having no technical knowledge. To make sure that these tools are accessible to every individual, we have improvised and introduced detection methods into the browser architecture named ‘Embedded Phishing Detection Browser’ (EPDB), which is a novel method to preserve the existing user experience while improving the security. The newly designed browser architecture introduces a special segment to perform phishing detection operations in real time. We have prototyped this technique to ensure maximum security, better accuracy of 99.36% in the identification of phishing websites in real time.
22

Chen, Liqun, Kaibin Huang, Mark Manulis, and Venkkatesh Sekar. "Password-authenticated searchable encryption." International Journal of Information Security, November 22, 2020. http://dx.doi.org/10.1007/s10207-020-00524-5.

Abstract:
We introduce Password Authenticated Searchable Encryption (PASE), a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can perform these operations. In particular, PASE guarantees that no single server can mount an offline attack on the user’s password or learn any information about the encrypted keywords. The concept behind PASE protocols extends previous concepts behind searchable encryption by removing the requirement on the client to store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper, we model the functionality of PASE along with two security requirements (indistinguishability against chosen keyword attacks and authentication) and propose an efficient direct construction in a two-server setting whose security we prove in the standard model under the Decisional Diffie–Hellman assumption. Our constructions support outsourcing and retrieval procedures based on multiple keywords and allow users to change their passwords without any need for the re-encryption of the outsourced data. Our theoretical efficiency comparisons and experimental performance and scalability measurements show that the proposed scheme is practical and offers high performance in relation to computations and communications on the user side. The practicality of our PASE scheme is further demonstrated through its implementation within a JavaScript-based web application that can readily be executed on any (mobile) browser and remains practical for commodity user devices such as laptops and smartphones.
23

Vlajic, N., X. Y. Shi, H. Roumani, and P. Madani. "Rethinking the Use of Resource Hints in HTML5: Is Faster Always Better!?" Journal of Cyber Security and Mobility, November 19, 2017. http://dx.doi.org/10.13052/2245-1439.625.

Abstract:
To date, much of the development in Web-related technologies has been driven by the users’ quest for ever faster and more intuitive WWW. One of the most recent trends in this development is built around the idea that a user’s WWW experience can further be improved by predicting and/or preloading Web resources that are likely sought by the user, ahead of time. Resource hints is a set of features introduced in HTML5 and intended to support the idea of predictive preloading in the WWW. In spite of the fact that resource hints were originally intended to enhance the online user experience, their introduction has unfortunately created a vulnerability that can be exploited to attack the user’s privacy, security and reputation, or to turn the user’s computer into a bot that can compromise the integrity of business analytics. In this article we outline six different scenarios (i.e., attacks) in which the resource hints could end up turning the browser into a dangerous tool that acts without the knowledge of and/or against its very own user. What makes these attacks particularly concerning is the fact that they are extremely easy to execute, and they do not require that any form of client-side malware be implanted on the user machine. While one of the attacks is (just) a new form of the well-known cross-site request forgery attacks, the other attacks have not been addressed much or at all in the research literature. Through this work, we ultimately hope to make the wider Internet community critically rethink the way the resource hints are implemented and used in today’s WWW.
24

Mamtora, Rushi, Dr Priyanka Sharma, and Jatin Patel. "Server-Side Template Injection with Custom Exploit." International Journal of Scientific Research in Science, Engineering and Technology, May 10, 2021, 105–8. http://dx.doi.org/10.32628/ijsrset218318.

Abstract:
Cyber attacks are getting progressively incessant, causing a great deal of harm. Attackers take our valuable information by compromising web application security loopholes. Dynamic content is being incorporated into the HTML that has been served to the client. Assume when you open a site page then you see your name, so that is dynamic substance for each client who additionally at any point visits that page. We can inject input fields and they are shipped off to the web worker. So, we need to check for all information handled whose worth is reflected in some structure to get the prepared payload. Then attempt to misuse it dependent on the layouts. This paper discusses the idea of a template injection and its impact on template-based web applications.
25

"PREVENTION OF CROSS SITE SCRIPTING (XSS) AND SECURING WEB APPLICATION AT CLIENT SIDE." International Journal of Advance Engineering and Research Development 4, no. 05 (May 31, 2017). http://dx.doi.org/10.21090/ijaerd.rtde21.
