Biblio

The advent of HTML 5 revives the life of cross-site scripting attack (XSS) in the web. Cross Document Messaging, Local Storage, Attribute Abuse, Input Validation, Inline Multimedia and SVG emerge as likely targets for serious threats. Introduction of various new tags and attributes can be potentially manipulated to exploit the data on a dynamic website. The XSS attack manages to retain a spot in all the OWASP Top 10 security risks released over the past decade and placed in the seventh spot in OWASP Top 10 of 2017. It is known that XSS attempts to execute scripts with untrusted data without proper validation between websites. XSS executes scripts in the victim's browser which can hijack user sessions, deface websites, or redirect the user to the malicious site. This paper focuses on the development of a browser extension for the popular Google Chromium browser that keeps track of various attack vectors. These vectors primarily include tags and attributes of HTML 5 that may be used maliciously. The developed plugin alerts users whenever a possibility of XSS attack is discovered when a user accesses a particular website.

To increase transparency and interactive control in Recommender Systems, we extended the Matrix Factorization technique widely used in Collaborative Filtering by learning an integrated model of user-generated tags and latent factors derived from user ratings. Our approach enables users to manipulate their preference profile expressed implicitly in the (intransparent) factor space through explicitly presented tags. Furthermore, it seems helpful in cold-start situations since user preferences can be elicited via meaningful tags instead of ratings. We evaluate this approach and present a user study that to our knowledge is the most extensive empirical study of tag-enhanced recommending to date. Among other findings, we obtained promising results in terms of recommendation quality and perceived transparency, as well as regarding user experience, which we analyzed by Structural Equation Modeling.