Security and Vulnerabilities of Browser Applications
Hi friends,
I would like to discuss the system vulnerabilities, relevant CVE identifiers, cyber security solutions and some of the common findings I encountered while using browser applications.
System vulnerabilities are weaknesses that benefit attackers by letting them introduce malware and other threats to the system. These threats are harmful to software and internet applications and are mitigated by various security mechanisms and procedures. Both hardware and software are vulnerable to various threats, and appropriate security measures need to be addressed.
Cross-site scripting is a vulnerability which may be initially designed in a legal way. The attacker efficiently carries out a malicious mission in the user’s browser when the user unexpectedly visits a fake URL. For instance, the malicious script which possesses XSS bugs will be executed in the context of a website. In order to run malicious JavaScript code in the user’s browser, the attacker manipulates a user to visit the webpage with an injected JavaScript payload.
Common Vulnerabilities and Exposures (CVE):
It is a dictionary of common names for cyber security vulnerabilities. The products and services well suited to CVE provide better exposure, interoperability and improved protection. The following is a list of recent cross-site scripting vulnerabilities in the CVE database.
- eClinicalWorks Patient Portal 7.0 build 13 was designed on January 27, 2017. The common vulnerability identifier is 95835 and the entry is CVE-2017-5599. This was encountered with a cross-site scripting vulnerability which affects the page within the patient portal. The socially manipulated payload executed within the patient portal JavaScript page without any authentication. This vulnerability pulls out important information or attacks the user’s browser.
- The CVE entries are CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263, CVE-2016-6980.
Cyber security measures and solutions for the above vulnerabilities:
Security measures like adding plug-in antivirus or firewall software applications to the browser can scan incoming and outgoing data traffic, scan and analyse suspicious files and malicious applications, protect personal information and online transactions, and protect against untrusted Wi-Fi.
The vulnerabilities discovered in my system/common findings:
When I opened the manipulated URL, the payload executed within my browser without any authentication. This led to infection and the entry of XSS bugs into my system. The system vulnerabilities discovered are:
a) Cross-site scripting led attack on browser applications and operating system
b) Unauthenticated access to personal/sensitive information
c) Entry of malicious applications and bugs
References:
- https://www.hq.nasa.gov/security/it_threats_vulnerabilities.htm
- https://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities
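The rendering mistake that lets a manipulated URL run script in the visitor's page, beside an output-encoded version, as an added example that is not part of the original post. The function names and the query string are constructed for illustration and do not come from any product named in this thread.

```javascript
// Added example: hypothetical function names, constructed input.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; any other scheme, or a value that does
// not parse as an absolute URL, is replaced with "#".
function safeHref(untrusted) {
  try {
    const url = new URL(String(untrusted));
    return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
  } catch {
    return '#';
  }
}

// Vulnerable: query values are concatenated into the markup unchanged, so
// markup carried in the URL becomes part of the page.
function renderGreetingUnsafe(query) {
  const params = new URLSearchParams(query);
  return `<p>Hello ${params.get('name')}</p><a href="${params.get('next')}">continue</a>`;
}

// Hardened: text is HTML-encoded, and the link is scheme-checked and then
// encoded for the attribute context it is placed in.
function renderGreetingSafe(query) {
  const params = new URLSearchParams(query);
  const name = escapeHtml(params.get('name') ?? '');
  const next = escapeHtml(safeHref(params.get('next') ?? ''));
  return `<p>Hello ${name}</p><a href="${next}">continue</a>`;
}

// Constructed query string of the kind a manipulated URL would carry.
const craftedQuery = 'name=' + encodeURIComponent('<script>alert(1)</script>') +
  '&next=' + encodeURIComponent('javascript:alert(1)');

console.log(renderGreetingUnsafe(craftedQuery)); // script tag reaches the page
console.log(renderGreetingSafe(craftedQuery));   // rendered as inert text
```

Encoding at output time is one layer; a Content-Security-Policy header that disallows inline script limits the damage if an encoding step is missed somewhere.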
Response 1:
Hi
I would like to extend the discussion of system vulnerabilities: Adobe Flash Player and security concerns.
Adobe Flash Player is an application used to generate graphics, animations, browser games, rich internet applications, desktop applications and mobile games. Till now, Adobe has more than 94 vulnerabilities. I would like to mention some of the cyber security solutions which improve the protection of Adobe Flash Player, such as periodic software updates and always using cyber security tools with multilayer protection. Mostly, cyber criminals hack the default Chrome plugins like Adobe Flash Player. Recent security improvements were made by experts in the “Night watch cyber security” team in AIR software development to help their customers and solve the issues. Adobe AIR security facilitates a controlled environment for unfaithful websites and for running other applications from various resources.
Response 2:
Hello Avinash,
I would like to mention the advanced versions of IBM WebSphere applications designed with security functions. These IBM WSA versions 7, V8 and V8.5 are prone to the attacker and prevent the gathering of sensitive information. The SSLv3 vulnerability (CVE-2014-3566) is the reason for the loss of sensitive information from the IBM server. This can be appropriately mitigated by the IBM web server security versions with default security. The most valuable infrastructure-based preventive measures are integrated into the WebSphere application server. So the advanced versions of the web application can counter malware and the leakage of sensitive information from a server.
With regards
Venkata Rajesh Kunkalaguntla