Client - side attacks
KeywordsΑσφάλεια διαδικτύου ; Επιθέσεις διαδικτύου ; Επιθέσεις πελάτη ; Διαδικτυακή εφαρμογή ; Προγράμματα περιήγησης ; Εργαλεία σάρωσης ευπαθειών διαδικτύου ; Client attacks ; Security policy ; Web application ; Web browsers ; Web scanners for vulnerabilities of web applications
As part of this thesis we develop and examine a common problem of the security of web applications, so-called Client Attacks. We will analyze the different types of these attacks and examine the way they work. Furthermore reference is made to identify what tools we can use in order to address security gaps that may be created, and methods to protect ourselves from these attacks. Hereby, through literature review presented in the following chapters we examined the seriousness and danger lurking from the client attacks as these can be achieved by exploiting various vulnerabilities in web applications, such as access to sensitive or confidential information, espionage and false advertising. In the first chapter we analyze the definition of web applications as well we distinguish the differences between Client and Server Side, and we describe the most important vulnerabilities of web applications. In the second chapter we describe the basic and most dangerous client attacks and appropriate corresponding countermeasures which must be applied. In the third chapter we analyze the importance of Active Content which has in today's web applications, as also we describe the scripting languages which are been included. In the fourth chapter we describe the functionality of browsers, which is one of the key elements of the security of web applications, as well as methods for safer configuration. The fifth chapter describes the operation of well – known web scanners for vulnerabilities of web applications and analyze the main selection criteria which we must take in consideration. In the last chapter of this thesis we include our conclusions and we describe a detailed security plan.