Vulnerability Analysis of Online Banking Sites to Cross-Site Scripting and Request Forgery Attacks: A Case Study in East Africa

Gifty Buah, Scholastica Memusi, John Munyi, Timothy Brown, Robert A. Sowah

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Citations (Scopus)

Abstract

Web applications are prone to several attacks. Two common threats are cross-site scripting attacks and cross-site request forgery. With internet banking becoming more popular in East Africa, the level of security that online banking services offer has become an increasing concern. This paper presents an analysis of the safety of these applications used by many unsuspecting customers seeking convenience and determines ways to detect and prevent these attacks from taking place. We assumed that if people with a technical background in IT and information security are vulnerable to CSRF and XSS attacks, the public would be even more vulnerable. Out of 96 users, 35 answered our survey, 53.1% of the respondents said they do not check the URLs of online banking websites they visit to ensure they are not on a phishing site. Secondly, only 36.4% of users considered the security implications of clicking on links in emails or even on banking websites all the time. Based on the interviews done, testing and analysis conducted, there is a clear indication that Internet banking users are vulnerable to XSS and CSRF. Notably, close to 50 % of the Internet banking users we interviewed reported that they do not receive ample tips from the banks regarding security issues to look out for when transacting online. The findings from this research help make recommendations to banks and users to ensure that future online banking transactions are done more securely.

Original languageEnglish
Title of host publicationProceedings of the 2021 IEEE 8th International Conference on Adaptive Science and Technology, ICAST 2021
PublisherIEEE Computer Society
ISBN (Electronic)9781665427173
DOIs
Publication statusPublished - 2021
Event8th IEEE International Conference on Adaptive Science and Technology, ICAST 2021 - Accra
Duration: 25 Nov 202126 Nov 2021

Publication series

NameIEEE International Conference on Adaptive Science and Technology, ICAST
Volume2021-November
ISSN (Print)2326-9413
ISSN (Electronic)2326-9448

Conference

Conference8th IEEE International Conference on Adaptive Science and Technology, ICAST 2021
Country/TerritoryGhana
CityAccra
Period25/11/2126/11/21

Keywords

  • Cross-site scripting
  • attacks
  • cross-site request forgery
  • internet banking
  • threats

Fingerprint

Dive into the research topics of 'Vulnerability Analysis of Online Banking Sites to Cross-Site Scripting and Request Forgery Attacks: A Case Study in East Africa'. Together they form a unique fingerprint.

Cite this