A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox

Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools

Virtual migrant communities: 'Orkut' and the Brazilian case

"This paper attempts to provide some insights into ethnography on the internet, more specifically research on the use of Social Network Sites (SNSs) by migrants. Starting from the Brazilian migrant communities in Europe, it raises the question of the usability of the analysis of virtual migrant communities for the study of transnational networks. Can offline and online observations be combined? Does virtual research lead to high quality data? The paper illustrates the methodology of virtual research by exploring the example of the online social network site ‘Orkut’ which is enormously popular among Brazilians, both among those who are residing within Brazil as among those who migrate. Providing an important resource for migrants from different social classes, Orkut plays a significant role as an access gate to information and as a place where the status of Brazilian migrants can be discussed. It also functions as a stage to re-affirm Brazilian nationality. Within the variety of Brazilian websites, magazines and satellite channels, Orkut is often mentioned as the most important application to keep in touch with other Brazilians inside and outside Brazil. Recognizing the growing importance of SNSs such as Orkut, a growing body of scholarship addresses several aspects of these sites and the practices they enable. Most scholars recognise the importance of these SNSs for community formation and the formation of a diasporic public sphere. This paper highlights the significance of social network sites as a topic of research. The fact that participation on social network sites leaves online traces offers unprecedented opportunities for researchers. Even so, because of the relatively recentness of SNSs, there are some methodological and ethical limitations. These will also be discussed and further explored." [author's abstract

The role of social networks in students’ learning experiences

The aim of this research is to investigate the role of social networks in computer science education. The Internet shows great potential for enhancing collaboration between people and the role of social software has become increasingly relevant in recent years. This research focuses on analyzing the role that social networks play in students’ learning experiences. The construction of students’ social networks, the evolution of these networks, and their effects on the students’ learning experience in a university environment are examined

Mapping web personal learning environments

A recent trend in web development is to build platforms which are carefully designed to host a plurality of software components (sometimes called widgets or plugins) which can be organized or combined (mashed-up) at user's convenience to create personalized environments. The same holds true for the web development of educational applications. The degree of personalization can depend on the role of users such as in traditional virtual learning environment, where the components are chosen by a teacher in the context of a course. Or, it can be more opened as in a so-called personalized learning environment (PLE). It now exists a wide array of available web platforms exhibiting different functionalities but all built on the same concept of aggregating components together to support different tasks and scenarios. There is now an overlap between the development of PLE and the more generic developments in web 2.0 applications such as social network sites. This article shows that 6 more or less independent dimensions allow to map the functionalities of these platforms: the screen dimensionmaps the visual integration, the data dimension maps the portability of data, the temporal dimension maps the coupling between participants, the social dimension maps the grouping of users, the activity dimension maps the structuring of end users–interactions with the environment, and the runtime dimensionmaps the flexibility in accessing the system from different end points. Finally these dimensions are used to compare 6 familiar Web platforms which could potentially be used in the construction of a PLE

Rhythms of social interaction: messaging within a massive online network

We have analyzed the fully-anonymized headers of 362 million messages exchanged by 4.2 million users of Facebook, an online social network of college students, during a 26 month interval. The data reveal a number of strong daily and weekly regularities which provide insights into the time use of college students and their social lives, including seasonal variations. We also examined how factors such as school affiliation and informal online friend lists affect the observed behavior and temporal patterns. Finally, we show that Facebook users appear to be clustered by school with respect to their temporal messaging patterns

Improving Security and Privacy in Online Social Networks

Online social networks (OSNs) have gained soaring popularity and are among the most popular sites on the Web. With OSNs, users around the world establish and strengthen connections by sharing thoughts, activities, photos, locations, and other personal information. However, the immense popularity of OSNs also raises significant security and privacy concerns. Storing millions of users\u27 private information and their social connections, OSNs are susceptible to becoming the target of various attacks. In addition, user privacy will be compromised if the private data collected by OSNs are abused, inadvertently leaked, or under the control of adversaries. as a result, the tension between the value of joining OSNs and the security and privacy risks is rising.;To make OSNs more secure and privacy-preserving, our work follow a bottom-up approach. OSNs are composed of three components, the infrastructure layer, the function layer, and the user data stored on OSNs. For each component of OSNs, in this dissertation, we analyze and address a representative security/privacy issue. Starting from the infrastructure layer of OSNs, we first consider how to improve the reliability of OSN infrastructures, and we propose Fast Mencius, a crash-fault tolerant state machine replication protocol that has low latency and high throughput in wide-area networks. For the function layer of OSNs, we investigate how to prevent the functioning of OSNs from being disturbed by adversaries, and we propose SybilDefender, a centralized sybil defense scheme that can effectively detect sybil nodes by analyzing social network topologies. Finally, we study how to protect user privacy on OSNs, and we propose two schemes. MobiShare is a privacy-preserving location-sharing scheme designed for location-based OSNs (LBSNs), which supports sharing locations between both friends and strangers. LBSNSim is a trace-driven LBSN model that can generate synthetic LBSN datasets used in place of real datasets. Combining our work contributes to improving security and privacy in OSNs