Research Article

Web Browser Security: Different Attacks Detection and Prevention Techniques

by  Patil Shital Satish, Chavan R. K.
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 170 - Issue 9
Published: Jul 2017
Authors: Patil Shital Satish, Chavan R. K.
10.5120/ijca2017914938

Patil Shital Satish, Chavan R. K. Web Browser Security: Different Attacks Detection and Prevention Techniques. International Journal of Computer Applications. 170, 9 (Jul 2017), 35-41. DOI=10.5120/ijca2017914938

@article{ 10.5120/ijca2017914938,
  author    = { Patil Shital Satish and Chavan R. K. },
  title     = { Web Browser Security: Different Attacks Detection and Prevention Techniques },
  journal   = { International Journal of Computer Applications },
  year      = { 2017 },
  volume    = { 170 },
  number    = { 9 },
  pages     = { 35-41 },
  doi       = { 10.5120/ijca2017914938 },
  publisher = { Foundation of Computer Science (FCS), NY, USA }
}

%0 Journal Article
%D 2017
%A Patil Shital Satish
%A Chavan R. K.
%T Web Browser Security: Different Attacks Detection and Prevention Techniques
%J International Journal of Computer Applications
%V 170
%N 9
%P 35-41
%R 10.5120/ijca2017914938
%I Foundation of Computer Science (FCS), NY, USA

Abstract

In this paper, we present a systematic study of how to make a browser secure. A web browser is vulnerable to different attacks; these attacks are possible because of vulnerabilities in the UI of the web page, the browser cache memory, extensions, and plug-ins. An attacker can run malicious JavaScript to exploit the user's system by using these vulnerabilities. Buffer overflow, cross-site scripting, man-in-the-middle, extension vulnerability, extreme phishing, browser cache poisoning, session hijacking, drive-by download, and clickjacking attacks are discussed. A browser with the Electrolysis system and sandboxed processes is discussed as a way to protect the browser from attack.

Index Terms
Computer Science
Information Sciences
Keywords

Web application security, Heap overflow, Electrolysis, Sandboxing
