Visible to the public Biblio

Filters: Author is Benavides, Eduardo  [Clear All Filters]
2020-09-28
Rodriguez, German, Torres, Jenny, Flores, Pamela, Benavides, Eduardo, Nuñez-Agurto, Daniel.  2019.  XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities. 2019 3rd Cyber Security in Networking Conference (CSNet). :142–149.
QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked.