| Title | XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Rodriguez, German, Torres, Jenny, Flores, Pamela, Benavides, Eduardo, Nuñez-Agurto, Daniel |
| Conference Name | 2019 3rd Cyber Security in Networking Conference (CSNet) |
| Date Published | oct |
| Keywords | attack vector, BeEF, Beef software, Computer crime, controlled attack, Cross Site Scripting, Cross-site Scripting Attacks, direct access, Educational institutions, Human Behavior, instant access, Internet, Java, JavaScript code, phishing attacks, pubcrawl, QR code, Resiliency, Scalability, universities, URL, XSS, XSStudent |
| Abstract | QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in APP Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack to the users of the university who through a flyer with a QR code and a fictional link accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attacks, so also, with our proposal, an attack executed in the universities using the Beef software would be totally blocked. |
| DOI | 10.1109/CSNet47905.2019.9108965 |
| Citation Key | rodriguez_xsstudent_2019 |
XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities