NCATComp410 / comp410_spring_2024

COMP410 spring 2024 semester
MIT License
3 stars 0 forks source link

Detect URL #28

Closed Kyeeshaaa closed 8 months ago

Kyeeshaaa commented 9 months ago

A Uniform Resource Locator(URL) is defined as a unique identifier that is used to find resources within the internet. A URL is made up of many parts. There is a scheme that indicates the method needed to access the specific source. Then there's the domain, commonly referred to as the IP address. The Path directs the site to the specific location of the source, the query parameters provide optional data to the server, and the fragment identifiers are used to identify a specific section of the resource. Through URLs, personally indefinable information may be exposed through the query parameters, fragment identifiers, or even through the URL path. It’s extremely important to detect PII in URLs as these components may include sensitive information, such as usernames, passwords, card numbers, etc. This could be a risk to personal security as URLs can be intercepted and viewed by third-party applications/sources. It’s important to protect URLs as sensitive information in URLs can cause highly serious security threats such as account hijacking, phishing attacks, and other security issues.

For more information on URLs refer here.

Will detect a URL using the format scheme://domain/path?query#fragment

I’ll use http://www.test.com/pageName?user=RealName&Password=TheRealPassword123 as a test URL since it’s considered a bad URL that has PII according to these guidelines.

claesmk commented 9 months ago

Looks good - Good example of a dangerous URL

jpow2 commented 9 months ago

URLs are used in phishing schemes because they can make the domain similar to the official website. This causes people to fall for malicious attacks if enough time and attention is spent making it look like an official website that's trusted.