DOI: 10.1145/3410566.3410589
research-article

The web: a hacker's heaven and an on-line system

Published: 25 August 2020

ABSTRACT

The internet was supposed to be an interconnection of independent distributed computer and information systems; the web was formally introduced in 1994 at the first conference, now known as WWW1, in Geneva. It was supposed to ease access to a trove of decentralized, independently owned information. The web has made it possible for billions of users to access the internet and its resources. As with any project, whether software or not, unless it is thoroughly thought out, the final outcome has bugs, commissions, omissions, vulnerabilities, and shortfalls. The web has made it possible for a small number of corporations to amass huge quantities of private information and mine them for profit. In this survey paper, we show how some of these shortfalls of the web have impacted CrsMgr, an online course management system, and what has been attempted to address these issues.


Published in

IDEAS '20: Proceedings of the 24th Symposium on International Database Engineering & Applications
August 2020
252 pages
ISBN: 9781450375030
DOI: 10.1145/3410566

Copyright © 2020 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

IDEAS '20 Paper Acceptance Rate: 27 of 57 submissions, 47%
Overall Acceptance Rate: 74 of 210 submissions, 35%