Biblio

Every person using different online services is concerned with the security and privacy for protecting individual information from the intruders. Many authentication systems are available for the protection of individuals' data, and the password authentication system is one of them. Due to the increment of information sharing, internet popularization, electronic commerce transactions, and data transferring, both password security and authenticity have become an essential and necessary subject. But it is also mandatory to ensure the strength of the password. For that reason, all cyber experts recommend intricate password patterns. But most of the time, the users forget their passwords because of those complicated patterns. In this paper, we are proposing a unique algorithm that will generate a strong password, unlike other existing random password generators. This password will he based on the information, i.e. (some words and numbers) provided by the users so that they do not feel challenged to remember the password. We have tested our system through various experiments using synthetic input data. We also have checked our generator with four popular online password checkers to verify the strength of the produced passwords. Based on our experiments, the reliability of our generated passwords is entirely satisfactory. We also have examined that our generated passwords can defend against two password cracking attacks named the "Dictionary attack" and the "Brute Force attack". We have implemented our system in Python programming language. In the near future, we have a plan to extend our work by developing an online free to use user interface. The passwords generated by our system are not only user-friendly but also have achieved most of the qualities of being strong as well as non- crackable passwords.

Cross-Site Scripting (XSS) is a common attack technique that lets attackers insert the code in the output application of web page which is referred to the web browser of visitor and then the inserted code executes automatically and steals the sensitive information. In order to prevent the users from XSS attack, many client- side solutions have been implemented; most of them being used are the filters that sanitize the malicious input. However, many of these filters do not provide prevention to the newly designed sophisticated attacks such as multiple points of injection, injection into script etc. This paper proposes and implements an approach based on encoding unfiltered reflections for detecting vulnerable web applications which can be exploited using above mentioned sophisticated attacks. Results prove that the proposed approach provides accurate higher detection rate of exploits. In addition to this, an implementation of blocking the execution of malicious scripts have contributed to XSS-Me: an open source Mozilla Firefox security extension that detects for reflected XSS vulnerabilities which can be considered as an effective solution if it is integrated inside the browser rather than being enforced as an extension.