English
Related papers

Related papers: Precise XSS detection and mitigation with Client-s…

200 papers

The development and analysis of mobile applications in term of security have become an active research area from many years as many apps are vulnerable to different attacks. Especially the concept of hybrid applications has emerged in the…

Cryptography and Security · Computer Science 2020-07-31 Usama Khalid , Muhammad Abdullah , Kashif Inayat

There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting…

Cryptography and Security · Computer Science 2012-11-21 Erwan Abgrall , Yves Le Traon , Martin Monperrus , Sylvain Gombault , Mario Heiderich , Alain Ribault

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

Webshell attacks are becoming more common, requiring robust detection mechanisms to protect web applications. The dissertation clearly states two research directions: scanning web application source code and analyzing HTTP traffic to detect…

Cryptography and Security · Computer Science 2024-12-10 Ha L. Viet , On V. Phung , Hoa N. Nguyen

Cloud-application add-ons are microservices that extend the functionality of the core applications. Many application vendors have opened their APIs for third-party developers and created marketplaces for add-ons (also add-ins or apps). This…

Cryptography and Security · Computer Science 2019-11-28 Thanh Bui , Siddharth Rao , Markku Antikainen , Tuomas Aura

Cross-Site Scripting (XSS) is a prevalent and well known security problem in web applications. Numerous methods to automatically analyze and detect these vulnerabilities exist. However, all of these methods require that either code or…

Cryptography and Security · Computer Science 2025-02-23 Robin Kirchner , Jonas Möller , Marius Musch , David Klein , Konrad Rieck , Martin Johns

Microarchitectural side channel attacks have been very prominent in security research over the last few years. Caches have been an outstanding covert channel, as they provide high resolution and generic cross-core leakage even with simple…

Cryptography and Security · Computer Science 2020-08-28 Samira Briongos , Ida Bruhns , Pedro Malagón , Thomas Eisenbarth , José M. Moya

Nowadays, web applications have become most prevalent in the industry, and the critical data of most organizations stored using web apps. Hence, web applications a much bigger target for diverse cyber-attacks, which varies from database…

Cryptography and Security · Computer Science 2021-05-12 Rajat Gupta , Madhu Viswanatham V. , Manikandan K

Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms, deployed as a browser extension, built-in to the browser, or as a DNS…

Cryptography and Security · Computer Science 2021-03-08 Yana Dimova , Gunes Acar , Lukasz Olejnik , Wouter Joosen , Tom Van Goethem

We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and…

Cryptography and Security · Computer Science 2012-05-01 Yossi Gilad , Amir Herzberg

Various in-browser privacy protection techniques have been designed to protect end-users from third-party tracking. In an arms race against these counter-measures, the tracking providers developed a new technique called CNAME cloaking based…

Cryptography and Security · Computer Science 2020-10-01 Ha Dao , Kensuke Fukuda

This paper exposes a new vulnerability and introduces a corresponding attack, the NoneXistent Name Server Attack (NXNSAttack), that disrupts and may paralyze the DNS system, making it difficult or impossible for Internet users to access…

Cryptography and Security · Computer Science 2020-09-30 Yehuda Afek , Anat Bremler-Barr , Lior Shafir

Web applications suffer from cross-site scripting (XSS) attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In…

Software Engineering · Computer Science 2010-09-21 Yi-Hsun Wang , Ching-Hao Mao , Hahn-Ming Lee

Extracting structured data from the web is often a trade-off between the brittle nature of manual heuristics and the prohibitive cost of Large Language Models. We introduce AXE (Adaptive X-Path Extractor), a pipeline that rethinks this…

Computation and Language · Computer Science 2026-04-01 Abdelrahman Mansour , Khaled W. Alshaer , Moataz Elsaban

Several studies have been conducted on understanding third-party user tracking on the web. However, web trackers can only track users on sites where they are embedded by the publisher, thus obtaining a fragmented view of a user's online…

Cryptography and Security · Computer Science 2018-05-04 Anupama Aggarwal , Bimal Viswanath , Saravana Kumar , Ayush Shah , Liang Zhang , Ponnurangam Kumaraguru

The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for…

Cryptography and Security · Computer Science 2021-03-09 Anatoly Shusterman , Ayush Agarwal , Sioli O'Connell , Daniel Genkin , Yossi Oren , Yuval Yarom

Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser's internal structure, thus leaving a hole for…

Cryptography and Security · Computer Science 2017-09-28 Raffaello Perrotta , Feng Hao

The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the…

Cryptography and Security · Computer Science 2023-05-08 Libor Polčák , Marek Saloň , Giorgio Maone , Radek Hranický , Michael McMahon

This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS). We leverage historical data provided by ChromeStats to study global trends in the CWS and security implications. We first highlight the extremely…

Cryptography and Security · Computer Science 2024-06-19 Sheryl Hsu , Manda Tran , Aurore Fass

Recent Searchable Symmetric Encryption (SSE) schemes enable secure searching over an encrypted database stored in a server while limiting the information leaked to the server. These schemes focus on hiding the access pattern, which refers…

Cryptography and Security · Computer Science 2020-10-08 Simon Oya , Florian Kerschbaum