| Modern web applications deliver a wide range of useful services. On the other hand, many web applications contain security vulnerabilities that are routinely exploited by the attackers. For example, according to Kaspersky Labs [26], "in 2007, a total of 23,680,646 [web-based] attacks were recorded against Kaspersky Security Network users. In 2009, that number rose to 73,619,767 --- however, in 2010, it skyrocketed to 580,371,937!" The impacts of web-based attacks can range from disclosure of confidential information, to heavy financial losses, and to divulgence of national secrets.;This thesis lays the groundwork for a future research goal of developing techniques and tools for automatically detecting security vulnerabilities in web applications. First, an in-depth survey of security attacks against both web servers and web clients and the state-of-the-art protection mechanisms is presented. Then, there is a summary of an investigation of security vulnerabilities, which were discovered in Mozilla Firefox and Google Chrome web browsers' website thumbnails features. Finally, this thesis presents a tool which enables developers to study the security-related behaviors of web-browsers. |
