DOI: 10.1145/3410566.3410589

The web: a hacker's heaven and an on-line system

Published: 25 August 2020

Abstract

The internet was supposed to be an interconnection of independent distributed computer and information systems; the web was formally introduced in 1994 at the first conference, now known as WWW1, in Geneva. It was supposed to make it easier to access a trove of decentralized, independently owned information. The web has made it possible for billions of users to access the internet and its resources. As with any project, whether software or not, unless it is thoroughly thought out, the final outcome has bugs, commissions, omissions, vulnerabilities, and shortfalls. The web has made it possible for a small number of corporations to amass huge quantities of private information and mine them for profit. In this survey paper, we show how some of these shortfalls of the web have impacted CrsMgr, an online course management system, and what has been attempted to address these issues.

Published In

IDEAS '20: Proceedings of the 24th Symposium on International Database Engineering & Applications
August 2020
252 pages
ISBN:9781450375030
DOI:10.1145/3410566
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. hacking
  2. online web applications
  3. privacy
  4. security
  5. web security issues

Qualifiers

  • Research-article

Conference

IDEAS 2020

Acceptance Rates

IDEAS '20 Paper Acceptance Rate 27 of 57 submissions, 47%;
Overall Acceptance Rate 74 of 210 submissions, 35%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 66
  • Downloads (Last 12 months): 6
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 09 Nov 2024
