Regresar

XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities

Abstract:

QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked.

Año de publicación:

2019

Keywords:

  • BEEf
  • XSS
  • QR code

Fuente:

googlegoogle
scopusscopus

Tipo de documento:

Conference Object

Estado:

Acceso restringido

Áreas de conocimiento:

  • Ciencias de la computación

Áreas temáticas:

  • Programación informática, programas, datos, seguridad
  • Criminología
  • Escuelas y sus actividades; educación especial

Contribuidores:

Pamela FloresPamela Flores
Jenny TorresJenny Torres
Eduardo Benavides-AstudilloEduardo Benavides-Astudillo
Daniel Nu˜nez-AgurtoDaniel Nu˜nez-Agurto
Germán Rodríguez-GalánGermán Rodríguez-Galán