Web Browser Security

Prepared ByPrepared By

Mohammed EL-BattaMohammed EL-Batta

Mohammed SoubihMohammed SoubihSupervised BySupervised By

Eng. Eman alajramiEng. Eman alajramiExplain DateExplain Date

1010 . .may. 2010may. 2010

University of PalestineUniversity of PalestineCollege NameCollege NameCollege of Information TechnologyCollege of Information TechnologySpecialistSpecialistInformation TechnologyInformation Technology

Why Browsers Security is important

Ignore a lot of users for updates.

Independence between browser and operating system may be danger on users .

Ignore a lot of users of warnings during browsing .

Many Web sites require users to activate some features that might be danger.

Some websites developers interested in browser features rather than confidentiality.

Interdependence of web browsers with operating systems, increasing risk .

Types of risks that may face the browser

Divided into tow types:1- result of threats and function of browser.2-result of using from users.

Note \ some believe that the designers of browsers not bound by such risks that occur due to users, but this is wrong; because browsers are designed to fit all categories of users in different cultures and their use without any conditions or rules for use.

Uniform Resource Identifier (URL)

URL can be used counterfeiting official sites (bank website).

By adding letters or create words very close to the original site name (Address Obfuscation ) .

Then design the web page that is very similar to the original page , so the user cant notice the difference and enter his password.

SO that’s depend on the user more than browser.

Cookies

Cookies \ Information sent by web server to browser attached with requested resource .

The browser save the cookies to sent it back during next requests.

Cookies includes information about the User’s computer name ,id , how many times you visit single site.

The dangerous of Cookies is that it’s transmitting without any encryption.

So it’s easy target to hackers.

Note \ most of browsers support deleting of cookies files from the options menu.

Pop Up Windows

The Pop Up Windows is less dangerous than others because most of browsers use pop up blockers that blocking those windows.

The pop up windows may ask users for their passwords.

And some sites may sent a virus or spaying tools through pop up windows.

Simply when you open the site the pop up window opened automatically and you are just like clicking on direct link to download the virus or spam.

Java applet & ActiveX

Java applet and ActiveX is active content require some applications to be installed on the users computer.

(Java applet is type of Java program that is created using Java programming language. It runs only within a browser

and is downloaded from server and runs on the client's machine)

(activeX is OOP tools that developed to facilitate running some application on your browser like Flash Player, Chatting and required by mail sites like Hotmail)

Java applet is more secure than ActiveX because it’s limited to the environment that it’s work with.

Java applet & ActiveX may include hacking codes ,so we can ignore running of it if it’s not trusted or secure.

Active contents can stopped by default way like Mozilla FireFox browser or manually by users .

Java Script

Java Script / is a type of active content of browsers that used in web pages for providing specific functions.

Java Script is simple to use and doesn’t need expert in programming .

So it’s widely use by designers.

The most important limitations of Java Script is that is the favorite language to hackers to access user’s computers or make them open pages without their known .

Hypertext Transfer Protocol Secure HTTPS

HTTPS is an important protocol used in private and secret transactions through Internet .

The problem of users with this protocol is that most of users don’t make sure running of this protocol during their transactions .

Browsers view signs when the beginning of safe browsing, different from browser to another.

updates

The silent updates is one of the modern ways to enhance the browser security (Google Chrome).

Silent updates keep the browser up to date without any action from users to make sure they will be safe from attacks on threats.

In a survey study on visitors of Google ,shows that 45.2% of users didn’t use the new versions of the browsers ,so they are in danger .

Browsers Add-Ons

Browser Add-Ons is a basic methods in browsers ,it’s provide great features.

It’s similar to Active X but the difference here is the Add-Ons can’t running out the browser.

The Add-Ons are not dangerous but some of it can include hacker programs to access the computers.

Finally, it’s hard to make sure that the browsers are safe and secure because of techniques that are using to hack browsers developing very fast and that’s make developing of browsers and increase security hard in every change in hacking techniques .

So browsers security is sharing by browsers designer and Usres.

Guidelines for users

Access to sites that important and sensitive transactions by writing their official sites not by using link by other site.

Use Add-Ons that support control of (Java script ) and (Cookies) .

Not to download or install any software from any web site that is not official or trusted.

Use two browsers one for daily use and another for important and sensitive use .

Always Keep your browser and your system up to date .

www.coeia.edu.sa

ThAnk YoU