The explosion of the web has profoundly changed the way we interact with software. From command-line applications to office automation, all our tools have been transformed into web applications accessible anywhere from any browser. HTML has become de facto the universal language for graphic interface description. The rise of the cloud puts the browser at the center of our interactions with modern computing. Our digital life, whether personal or professional, is centralized in this unique gateway to the digital world.
The success of e-commerce and the management of our online bank accounts has attracted the greed of a slew of crooks and pirates.
Even our personal information is minted on the black market. It is therefore not surprising that web browsers are the number one target of online attacks. When the competition is raging between browser vendors, the bidding of features is not far.
With a negative impact on the quality of development. Undocumented, non-standardized or sloppy implementations of W3C standards are the direct consequences of this war that browser vendors are making new versions of.
The user often sees the novelty as something positive, but he is not expert and, in this sense, does not necessarily perceive the negative impact that such a competition may have on his security or his private life. These ever-increasing features and differences in behavior between browsers are fertile ground for cross site scripting (XSS) and drive-by download attacks.
This thesis thus provides the necessary tools to understand and evaluate the real impact of XSS vectors on browsers. This understanding opens the door to a new browser detection detection strategy. A strategy able to take into account the future evolutions of these attacks.
File Type: PDF
File Size: 2.50 MB
Total Pages: 170
Direct Link Mega:
Direct Link AnonFiles:
Direct Link Mediafire:
Direct Link Solidfiles:
Direct Link Sabercathost:
Direct Link Tusfiles: