scholarly journals Rethinking the Use of Resource Hints in HTML5: Is Faster Always Better!?

2017 ◽  
Author(s):  
N. Vlajic ◽  
X. Y. Shi ◽  
H. Roumani ◽  
P. Madani
Keyword(s):  
Research Literature ◽  
Business Analytics ◽  
Web Resources ◽  
Recent Trends ◽  
Internet Community ◽  
New Form ◽  
Client Side ◽  
Cross Site Request Forgery ◽  
Time Resource ◽  
Cross Site

To date, much of the development in Web-related technologies has been driven by the users’ quest for ever faster and more intuitive WWW. One of the most recent trends in this development is built around the idea that a user’s WWW experience can further be improved by predicting and/or preloading Web resources that are likely sought by the user, ahead of time. Resource hints is a set of features introduced in HTML5 and intended to support the idea of predictive preloading in the WWW. Inspite of the fact that resource hints were originally intended to enhance the online user experience, their introduction has unfortunately created a vulnerability that can be exploited to attack the user’s privacy, security and reputation, or to turn the user’s computer into a bot that can compromise the integrity of business analytics. In this article we outline six different scenarios (i.e., attacks) in which the resource hints could end up turning the browser into a dangerous tool that acts without the knowledge of and/or against its very own user. What makes these attacks particularly concerning is the fact that they are extremely easy to execute, and they do not require that any form of client-side malware be implanted on the user machine. While one of the attacks is (just) a new form of the well-known cross-site request forgery attacks, the other attacks have not been addressed much or at all in the research literature. Through this work, we ultimate hope to make the wider Internet community critically rethink the way the resource hints are implemented and used in today’sWWW.  

Cross-Site Request Forgery: Vulnerabilities and Defenses

2014 ◽  
Vol 3 (2) ◽  
pp. 13-21 ◽  
Author(s):  
Bharti Nagpal ◽  
Naresh Chauhan ◽  
Nanhay Singh
Keyword(s):  
Cross Site Request Forgery ◽  
Cross Site

scholarly journals Recent Trends in JSON Filters

2021 ◽  
pp. 87-93
Author(s):  
Atul Jain ◽  
ShashiKant Gupta
Keyword(s):  
Programming Language ◽  
Web Application ◽  
Data Exchange ◽  
Web Applications ◽  
Data Format ◽  
Data Exchange Format ◽  
Exchange Format ◽  
Recent Trends ◽  
Client Side ◽  
Extract Information

JavaScript Object Notation is a text-based data exchange format for structuring data between a server and web application on the client-side. It is basically a data format, so it is not limited to Ajax-style web applications and can be used with API’s to exchange or store information. However, the whole data never to be used by the system or application, It needs some extract of a piece of requirement that may vary person to person and with the changing of time. The searching and filtration from the JSON string are very typical so most of the studies give only basics operation to query the data from the JSON object. The aim of this paper to find out all the methods with different technology to search and filter with JSON data. It explains the extensive results of previous research on the JSONiq Flwor expression and compares it with the json-query module of npm to extract information from JSON. This research has the intention of achieving the data from JSON with some advanced operators with the help of a prototype in json-query package of NodeJS. Thus, the data can be filtered out more efficiently and accurately without the need for any other programming language dependency. The main objective is to filter the JSON data the same as the SQL language query.

Preventing Cross Site Request Forgery Attacks

2006 ◽  
Author(s):  
Nenad Jovanovic ◽  
Engin Kirda ◽  
Christopher Kruegel
Keyword(s):  
Cross Site Request Forgery ◽  
Cross Site
Sign in / Sign up

Export Citation Format

Share Document