WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications (Invited Paper)

Venkatakrishnan, V.; Bisht, Prithvi; Louw, Mike Ter; Zhou, Michelle; Kalpana, G.; Ganesh, Karthik Thotta

doi:10.1007/978-3-642-17714-9_2

Cited by 2 publications

(1 citation statement)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach provides a mechanism to query the extension code for the defined unsafe flows and does not provide a mechanism to enable the user to monitor application behavior and control its access. Similarly static analysis [11] has been proposed to address security of web applications such as identifying SQL injection [12], and cross-site scripting [13], [14]. These techniques are complementary to ours, since our runtime monitoring and access control model could benefit from the discovered unsafe flows to recommend to the user fine-grain permissions to eliminate these flows.…”

Section: Related Workmentioning

confidence: 99%

Towards Improving Browser Extension Permission Management and User Awareness

Marouf¹,

Shehab²

2012

Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

Browsers have become the de-facto platform for users and their online presence. They have also become a rich environment for 3rd party extensions that enrich the user browsing experience by extending upon the browser's functionalities. Protecting user privacy against malicious or vulnerable extensions is an important task performed by modern browser platforms such as Google Chrome and Safari. To do so, these platforms adopt a per-extension permission model, where each extension is given a set of permissions based on its requirements. These models suffer from coarse-grained access controls and insufficient user awareness. In this paper we implement a runtime framework as a browser extension called REM. REM monitors the accesses made by 3rd party Chrome extensions, informs users of the accesses, and allows them to customize the permissions given to extensions. The custom permission settings are enforced by the framework at runtime. We evaluated our framework on popular Chrome extensions & were successful in monitoring and controlling their accesses with little overhead. We also conducted a user study to evaluate the effectiveness of REM compared to current standard methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Improving Browser Extension Permission Management and User Awareness

Marouf¹,

Shehab²

2012

Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

show abstract

Current state of research on cross-site scripting (XSS) – A systematic literature review

Hydara

Sultan

Zulzalil

et al. 2015

Information and Software Technology

118

View full text Add to dashboard Cite

Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature review on the studies done on XSS vulnerabilities and attacks. Method: We followed the standard guidelines for systematic literature review as documented by Barbara Kitchenham and reviewed a total of 115 studies related to cross-site scripting from various journals and conference proceedings. Results: Research on XSS is still very active with publications across many conference proceedings and journals. Attack prevention and vulnerability detection are the areas focused on by most of the studies. Dynamic analysis techniques form the majority among the solutions proposed by the various studies. The type of XSS addressed the most is reflected XSS. Conclusion: XSS still remains a big problem for web applications, despite the bulk of solutions provided so far. There is no single solution that can effectively mitigate XSS attacks. More research is needed in the area of vulnerability removal from the source code of the applications before deployment.

show abstract

WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications (Invited Paper)

Cited by 2 publications

References 24 publications

Towards Improving Browser Extension Permission Management and User Awareness

Towards Improving Browser Extension Permission Management and User Awareness

Current state of research on cross-site scripting (XSS) – A systematic literature review

Contact Info

Product

Resources

About