Skip to main content


An Empirical Study of Browser's Evolution


Web success is associated with the expansion of web interfaces in software. They have replaced many thick-clients and command-line interfaces. HTML is now a widely adopted generic user-interface description language. The cloud-computing trend set browsers in a central position, handling all our personal and professional information. Online banking and e-commerce are the sources of an attractive cash flow for online thefts, and all this personal information is sold on black markets. Unsurprisingly, web browsers are consequently the favorite targets of online attacks.


The fierce competition between browser vendors is associated with a features race, leading to partial implementation of W3C norms, and non-standard features. It resulted in a fast release pace of new browser versions over these last years.

While positively perceived by users, such competition can have a negative impact on browser security and user privacy. This increasing number of features and the discrepancies between browser vendors' implementations facilitate the attacker task for cross site scripting (XSS) and drive-by download attacks.

Through this thesis, we propose to adopt the attacker's viewpoint. We will test and analyze the browsers' engines as black-boxes, like hackers using the latest browsers' evolutions to evade current detection techniques or bypass protections.

Coming to the overall objectives of a research leading to the better understandings of browser's role in security, this thesis provides an instrument to understand XSS attack vectors.

We categorize them, evaluate the exposure of web browsers against XSS and may eventually open the field, but this is beyond the scope of this thesis, to a new strategy to detect future client-side attacks, however this last point is beyond the scope of this thesis.


File Type: PDF
File Size: 2.50 MB
Total Pages: 170

Direct Link Mega:
Download Now
Direct Link AnonFiles:
Download Now
Direct Link Mediafire:
Download Now
Direct Link Solidfiles:
Download Now
Direct Link Sabercathost:
Download Now
Direct Link Tusfiles:
Download Now

Comments

Popular posts from this blog

Web Hacking 101

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different. Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties.

Android Things Quick Start Guide

Android Things is the new Android based Operating System for the Internet of Things. With this book you will learn the core concepts by running code examples on different peripherals. Android Things is the IoT platform made by Google, based on Android. It allows us to build smart devices in a simple and convenient way, leveraging on the Android ecosystem tools and libraries, while letting Google take care of security updates.

Programming QuickStart Box Set

This tutorial on HTML is designed specifically for aspiring developers and web designers. This tutorial is explained in enough detail with practical examples and a simple overview so that it can be easily understood by beginners and provides enough knowledge to design their own webpages. You can get a higher level of expertise with some practice.  HTML or Hyper Text Markup Language is the most commonly used language for developing web pages.