An Evaluation of Sensitive Data Protection through the Web Browser

  • Carlo M. R. da Silva UFPE
  • Vinicius C. Garcia UFPE

Abstract


Web browsers are tools of utmost importance for the use of data on the internet, because they allow users to interact with and consume information provided by the various services available on the Web. However, these tools clearly have difficulty preventing their users from falling victim to vulnerabilities, whether those vulnerabilities are located in the browser's own internals, come from the Web applications available, or result from the naivety of the user. Our study aims at two contributions: (i) the development of a controlled environment, defined as a Web application that simulates real vulnerabilities susceptible to 13 separate attacks, considered the most emergent today; and (ii) an evaluation of the effectiveness of 25 tools in protecting users.

Published
2015-11-09
SILVA, Carlo M. R. da; GARCIA, Vinicius C. Uma Avaliação da Proteção de Dados Sensíveis através do Navegador Web. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 15., 2015, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2015. p. 86-99. DOI: https://doi.org/10.5753/sbseg.2015.20087.
