ABSTRACT
The internet was supposed to be an interconnection of independent, distributed computer and information systems. The web was formally introduced in 1994 at the first conference, now known as WWW1, in Geneva. It was supposed to make it easier to access a trove of decentralized, independently owned information, and it has made it possible for billions of users to reach the internet and its resources. As with any project, software or otherwise, unless it is thoroughly thought out the final outcome has bugs, commissions, omissions, vulnerabilities, and shortfalls. The web has made it possible for a small number of corporations to amass huge quantities of private information and mine it for profit. In this survey paper, we show how some of these shortfalls of the web have impacted CrsMgr, an online course management system, and what has been attempted to address these issues.
The web: a hacker's heaven and an on-line system