TY - GEN
T1 - Vulnerability Analysis of Online Banking Sites to Cross-Site Scripting and Request Forgery Attacks
T2 - 8th IEEE International Conference on Adaptive Science and Technology, ICAST 2021
AU - Buah, Gifty
AU - Memusi, Scholastica
AU - Munyi, John
AU - Brown, Timothy
AU - Sowah, Robert A.
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Web applications are prone to several attacks. Two common threats are cross-site scripting attacks and cross-site request forgery. With internet banking becoming more popular in East Africa, the level of security that online banking services offer has become an increasing concern. This paper presents an analysis of the safety of these applications used by many unsuspecting customers seeking convenience and determines ways to detect and prevent these attacks from taking place. We assumed that if people with a technical background in IT and information security are vulnerable to CSRF and XSS attacks, the public would be even more vulnerable. Out of 96 users, 35 answered our survey, 53.1% of the respondents said they do not check the URLs of online banking websites they visit to ensure they are not on a phishing site. Secondly, only 36.4% of users considered the security implications of clicking on links in emails or even on banking websites all the time. Based on the interviews done, testing and analysis conducted, there is a clear indication that Internet banking users are vulnerable to XSS and CSRF. Notably, close to 50 % of the Internet banking users we interviewed reported that they do not receive ample tips from the banks regarding security issues to look out for when transacting online. The findings from this research help make recommendations to banks and users to ensure that future online banking transactions are done more securely.
AB - Web applications are prone to several attacks. Two common threats are cross-site scripting attacks and cross-site request forgery. With internet banking becoming more popular in East Africa, the level of security that online banking services offer has become an increasing concern. This paper presents an analysis of the safety of these applications used by many unsuspecting customers seeking convenience and determines ways to detect and prevent these attacks from taking place. We assumed that if people with a technical background in IT and information security are vulnerable to CSRF and XSS attacks, the public would be even more vulnerable. Out of 96 users, 35 answered our survey, 53.1% of the respondents said they do not check the URLs of online banking websites they visit to ensure they are not on a phishing site. Secondly, only 36.4% of users considered the security implications of clicking on links in emails or even on banking websites all the time. Based on the interviews done, testing and analysis conducted, there is a clear indication that Internet banking users are vulnerable to XSS and CSRF. Notably, close to 50 % of the Internet banking users we interviewed reported that they do not receive ample tips from the banks regarding security issues to look out for when transacting online. The findings from this research help make recommendations to banks and users to ensure that future online banking transactions are done more securely.
KW - Cross-site scripting
KW - attacks
KW - cross-site request forgery
KW - internet banking
KW - threats
UR - http://www.scopus.com/inward/record.url?scp=85125365037&partnerID=8YFLogxK
U2 - 10.1109/ICAST52759.2021.9681978
DO - 10.1109/ICAST52759.2021.9681978
M3 - Conference contribution
AN - SCOPUS:85125365037
T3 - IEEE International Conference on Adaptive Science and Technology, ICAST
BT - Proceedings of the 2021 IEEE 8th International Conference on Adaptive Science and Technology, ICAST 2021
PB - IEEE Computer Society
Y2 - 25 November 2021 through 26 November 2021
ER -