(Publisher of Peer Reviewed Open Access Journals)

International Journal of Advanced Technology and Engineering Exploration (IJATEE)

ISSN (Print):2394-5443    ISSN (Online):2394-7454
Volume-8 Issue-77 April-2021
Paper Title : Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS)
Author Name : Alya Geogiana Buja, Nurul Syahirah Khairuddin, Noor Afni Deraman and Khyrina Airin Fariza Abu Samah
Abstract :

This paper presents the development of a browser extension for web application vulnerability detection, avoidance, and secure browsing. The number of attacks on websites is increasing over time. These attacks can happen because of vulnerabilities that exist in application code, perhaps due to missing validation during development. Therefore, the aim of this extension is to detect web application vulnerabilities, which can indirectly provide a secure browsing environment and help prevent Internet users from being compromised by attackers. Four types of web application vulnerabilities were considered during the development of the Vulnerability Detection, Avoidance, and Secure Browsing (VDAS) extension, namely Cross Site Scripting (XSS), Structured Query Language injection (SQLi), Local File Inclusion (LCI), and Remote Command Execution (RCE). The VDAS is designed based on data mining approaches. Five phases were involved in developing the VDAS: preliminary study, requirement analysis, system design, system development, and system testing. The accuracy of the developed extension was successfully tested and validated by using Vega. In this study, the VDAS was only applied on Google Chrome. Hence, further work is recommended to ensure that the VDAS can be applied on other browsers as well.

Keywords : Browser, Cyber-attack, Cyber security, Extension.
Cite this article : Buja AG, Khairuddin NS, Deraman NA, Fariza Abu Samah KA. Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS). International Journal of Advanced Technology and Engineering Exploration. 2021; 8(77):537-544. DOI:10.19101/IJATEE.2020.762187.