Research Publications

Here are my list of publications:

[1] Bhavani A B, “Cross Site Request Forgery on Android WebView, International Journal for Computer Science and Network (IJCSN), Volume 3, Issue 3, June 2014.


Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display a remote webpage or can also load static HTML data. This encompasses the functionality of a browser that can be integrated to application. WebView provides a number of APIs which enables the applications to interact with the web content inside WebView. In the current paper Cross site request forgery or XSRF attack specific to android WebView is investigated. In XSRF attack the trusts of a web application in its authenticated users is exploited by letting the attacker make arbitrary HTTP requests on behalf of a victim user. When the user is logged into the trusted site through the WebView the site authenticates the WebView and not application. The application can launch attacks on the behalf of user with the APIs of Webview exploiting user credentials resulting in Cross site request forgery. Attacks can also be launched by setting cookies as HTTP headers and making malicious HTTP Request on behalf of victim.

[2] Bhavani A B, “Cross-site Scripting attacks on Android WebView”, International Journal for Computer Science and Network (IJCSN), Volume 2, Issue 2, April 2013.


WebView is an essential component in Android and iOS. It enables applications to display content from on-line resources. It simplifies task of performing a network request, parsing the data and rendering it. WebView uses a number of APIs which can interact with the web contents inside WebView. In the current paper, Cross-site scripting attacks or XSS attacks specific to Android WebView are discussed. Cross site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to run malicious code into victim’s WebView,through HttpClient APIs. Using this malicious code, the attackers can steal the victim’s credentials, such as cookies. The access control policies (that is,the same origin policy) employed by the browser to protect those credentials can be bypassed by exploiting the XSS vulnerability.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s