Tse, Kai Shun Scottie. / "December 2010." / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 52-54). / Abstracts in English and Chinese. / Abstract --- p.ii / Acknowledgements --- p.iii / List of Figures --- p.vi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Web 2.0 --- p.2 / Chapter 1.2 --- Research Motivation --- p.2 / Chapter 2 --- Background Study on Web Attacks --- p.4 / Chapter 2.1 --- Cross Site Scripting (XSS) --- p.5 / Chapter 2.2 --- Cross Channel Scripting (XCS) --- p.6 / Chapter 2.3 --- Cross Site Request Forgery (CSRF) --- p.6 / Chapter 2.4 --- Click Jacking --- p.7 / Chapter 2.5 --- Extension and plugins vulnerabilities --- p.8 / Chapter 2.6 --- Privacy Issue --- p.10 / Chapter 2.7 --- Network security --- p.12 / Chapter 2.8 --- Developer implementation flaw --- p.13 / Chapter 2.9 --- Chapter Summary --- p.15 / Chapter 3 --- Defenses on Web Attacks --- p.17 / Chapter 3.1 --- Same Origin Policy --- p.17 / Chapter 3.2 --- Filtering mechanism --- p.18 / Chapter 3.2.1 --- Client-side filtering --- p.18 / Chapter 3.2.2 --- Server-side filtering --- p.19 / Chapter 3.3 --- XSS Defenses --- p.20 / Chapter 3.4 --- CSRF Defenses --- p.22 / Chapter 3.5 --- Browser warnings --- p.23 / Chapter 3.6 --- Chapter Summary --- p.24 / Chapter 4 --- On web communication --- p.26 / Chapter 4.1 --- On cross domain communication --- p.26 / Chapter 4.1.1 --- HTML5 --- p.26 / Chapter 4.1.2 --- Flash 10 --- p.28 / Chapter 4.1.3 --- Extended studys crossdomain.xml of Flash --- p.29 / Chapter 4.2 --- On cross frame communication --- p.32 / Chapter 4.3 --- Trusted Notification System --- p.35 / Chapter 4.3.1 --- Assumptions --- p.35 / Chapter 4.3.2 --- Implementation Issues --- p.35 / Chapter 4.3.3 --- Information flow --- p.37 / Chapter 4.3.4 --- Features --- p.38 / Chapter 4.3.4.1 --- Counter fake --- p.38 / Chapter 4.3.4.2 --- Plug and play --- p.38 / Chapter 4.3.4.3 --- Mitigate future attacks --- p.39 / Chapter 4.3.4.4 --- Session persist after logout --- p.39 / Chapter 4.3.4.5 --- Follow the standards --- p.40 / Chapter 4.3.5 --- Related works --- p.40 / Chapter 4.4 --- Chapter Summary --- p.41 / Chapter 5 --- Conclusion --- p.43 / Chapter 5.1 --- Contributions --- p.43 / Chapter 5.2 --- Discussions and future work --- p.44 / Chapter A --- Non-persistent XSS attack on Horde --- p.45 / Chapter B --- Data tampering attack on facebook application --- p.50 / Bibliography --- p.52
| Identifer | oai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_327454 |
| Date | January 2011 |
| Contributors | Tse, Kai Shun Scottie., Chinese University of Hong Kong Graduate School. Division of Information Engineering. |
| Source Sets | The Chinese University of Hong Kong |
| Language | English, Chinese |
| Detected Language | English |
| Type | Text, bibliography |
| Format | print, vi, 54 p. : ill. ; 30 cm. |
| Rights | Use of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/) |
Page generated in 0.0026 seconds