Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS)
Alya Geogiana Buja, Nurul Syahirah Khairuddin, Noor Afni Deraman and Khyrina Airin Fariza Abu Samah
Abstract
This paper presents the development of a browser extension for web application vulnerability detection, avoidance and secure browsing. The number of attacks on websites is increasing over time. These attacks are possible because of vulnerabilities in application code, for example missing input validation during development. The aim of this extension is therefore to detect web application vulnerabilities and, in doing so, provide a secure browsing environment that prevents Internet users from being compromised by attackers. Four types of web application vulnerability were considered during the development of the Vulnerability Detection, Avoidance, and Secure Browsing (VDAS) extension, namely Cross Site Scripting (XSS), Structured Query Language injection (SQLi), Local File Inclusion (LFI), and Remote Command Execution (RCE). VDAS is designed on the basis of data mining approaches. Five phases were involved in developing VDAS: preliminary study, requirement analysis, system design, system development and system testing. The accuracy of the developed extension was tested and validated against the Vega web vulnerability scanner. In this study, VDAS was applied only to Google Chrome; further work is recommended to make VDAS usable on other browsers as well.
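The abstract names four vulnerability classes that a browser extension is supposed to recognise in requests but does not show what such a check looks like. The following is an added example written for this page, not the VDAS extension's own code and not its data mining model: a signature-based classifier, in the JavaScript a Chrome extension would use, that inspects the query parameters of a request URL and tags each one as XSS, SQLi, LFI or RCE. The signature lists, the `example.test` URLs and the `shouldBlock` decision function are assumptions chosen for illustration; the sample URLs are constructed, not captured traffic.

```javascript
// Added example: signature-based classification of URL query parameters into
// the four classes the abstract lists (XSS, SQLi, LFI, RCE). Illustrative code
// for this page, not the VDAS extension's logic. The signatures below are
// assumptions for demonstration and are deliberately small, not exhaustive.
const SIGNATURES = {
  XSS: [
    /<\s*script\b/i,            // <script> tag in a parameter
    /\bon[a-z]+\s*=/i,          // inline event handler such as onerror=
    /javascript\s*:/i,          // javascript: URL scheme
    /<\s*(img|svg|iframe)\b/i,  // common tag-based payload carriers
  ],
  SQLi: [
    /'\s*(or|and)\s+[\w']+\s*=\s*[\w']+/i, // ' OR '1'='1 style tautology
    /\bunion\s+(all\s+)?select\b/i,        // UNION-based extraction
    /;\s*(drop|delete|insert|update)\b/i,  // stacked statement
    /--\s*$|\/\*.*\*\//,                   // SQL comment to truncate the query
  ],
  LFI: [
    /(\.\.[\/\\]){2,}/,           // repeated path traversal
    /\/etc\/(passwd|shadow)\b/i,  // classic traversal target
    /php:\/\/(filter|input)\b/i,  // PHP stream wrappers
    /\x00/,                       // null-byte truncation (after decoding)
  ],
  RCE: [
    /[;&|`]\s*(cat|ls|id|whoami|wget|curl|nc|bash|sh)\b/i, // shell metachar + command
    /\$\([^)]+\)/,                                          // $(...) substitution
    /\b(system|exec|passthru|shell_exec)\s*\(/i,            // PHP execution sinks
  ],
};

// Decode a parameter value repeatedly (bounded) so that double-encoded
// payloads such as %253Cscript%253E are not missed. A malformed escape
// sequence makes decodeURIComponent throw; we then keep the last good value.
function normalize(value, rounds = 3) {
  let current = value;
  for (let i = 0; i < rounds; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(current.replace(/\+/g, ' '));
    } catch (e) {
      break;
    }
    if (decoded === current) break;
    current = decoded;
  }
  return current;
}

// Return every class whose signature list has at least one match.
function classifyValue(value) {
  const hits = [];
  for (const [cls, patterns] of Object.entries(SIGNATURES)) {
    if (patterns.some((re) => re.test(value))) hits.push(cls);
  }
  return hits;
}

// Inspect every query parameter of a URL; returns one finding per parameter
// that matched, with the decoded value and the classes it triggered.
function classifyUrl(urlString) {
  const url = new URL(urlString);
  const findings = [];
  for (const [name, raw] of url.searchParams) {
    const value = normalize(raw);
    const classes = classifyValue(value);
    if (classes.length) findings.push({ param: name, value, classes });
  }
  return findings;
}

// The decision an extension would return from a webRequest.onBeforeRequest
// listener (assumed design): cancel the request when any parameter matches.
function shouldBlock(urlString) {
  return classifyUrl(urlString).length > 0;
}

// Constructed sample requests (not real traffic): one per class, one
// double-encoded XSS payload, and one benign query.
const SAMPLE_URLS = [
  'https://example.test/search?q=%3Cscript%3Ealert(1)%3C/script%3E',
  'https://example.test/login?user=admin%27%20OR%20%271%27%3D%271&pass=x',
  'https://example.test/view?page=../../../../etc/passwd',
  'https://example.test/ping?host=127.0.0.1;id',
  'https://example.test/search?q=%253Cscript%253Ealert(1)%253C/script%253E',
  'https://example.test/search?q=hello+world',
];

for (const u of SAMPLE_URLS) {
  console.log(u, '=>', shouldBlock(u) ? 'BLOCK' : 'allow', JSON.stringify(classifyUrl(u)));
}
```

Two caveats a practitioner should keep in mind: signature matching of this kind is a heuristic, so a legitimate parameter that happens to contain `/etc/passwd` or `' or 'a'='b` will be flagged, and a payload that avoids every listed pattern will pass; and only the query string is inspected here, whereas real extensions also need to look at POST bodies, headers and fragments. Bounded repeated decoding is what keeps the double-encoded sample from slipping through, but it also means the decoded value, not the raw one, must be what the policy acts on.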
Keywords
Browser, Cyber-attack, Cyber security, Extension.
Cite this article
Buja AG, Khairuddin NS, Deraman NA, Fariza Abu Samah KA. Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS). International Journal of Advanced Technology and Engineering Exploration. 2021;8(77):537-544. DOI:10.19101/IJATEE.2020.762187