Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS)

This paper presents the development of a browser extension for web application vulnerability detection, avoidance and secures browsing. Number of attacks on websites are increasing from time to time. This attack can be happened because of the vulnerabilities exists in application code, perhaps missing validation during the development. Therefore, the aim of this extension is to detect the web application vulnerabilities, which indirectly can provide a secure browsing environment to avoid Internet users from being compromised by attackers. There are four types of web application vulnerabilities considered during the development of the Vulnerability Detection, Avoidance, and Secure Browsing (VDAS) namely Cross Site Scripting (XSS), Structured Query Language injection (SQLi), Local File Inclusion (LCI), and Remote Command Execution (RCE). The VDAS is designed based on data mining approaches. There are five phases involved in developing the VDAS; preliminary study, requirement analysis, system design, system development and system testing. The accuracy of the developed extension was successfully tested and validated by using Vega. In this study, the VDAS was only applied on Google Chrome. Hence, further work is recommended to ensure that the VDAS can be applied on other browsers as well.