[HTML][HTML] A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset
Following QUIC protocol ratification on May 2021, the third major version of the Hypertext
Transfer Protocol, namely HTTP/3, was published around one year later in RFC 9114. In …
Transfer Protocol, namely HTTP/3, was published around one year later in RFC 9114. In …
Talking with familiar strangers: An empirical study on https context confusion attacks
HTTPS is principally designed for secure end-to-end communication, which adds
confidentiality and integrity to sensitive data transmission. While several man-in-the-middle …
confidentiality and integrity to sensitive data transmission. While several man-in-the-middle …
Measuring HTTP/3: Adoption and performance
The third version of the Hypertext Transfer Protocol (HTTP) is in its final standardization
phase by the IETF. Besides better security and increased flexibility, it promises benefits in …
phase by the IETF. Besides better security and increased flexibility, it promises benefits in …
{FRAMESHIFTER}: Security implications of {HTTP/2-to-HTTP/1} conversion anomalies
HTTP/2 adoption is rapidly climbing. However, in practice, Internet communications still
rarely happen over end-to-end HTTP/2 channels. This is due to Content Delivery Networks …
rarely happen over end-to-end HTTP/2 channels. This is due to Content Delivery Networks …
Investigating HTTP response headers for the classification of devices on the Internet
A Lavrenovs, G Visky - 2019 IEEE 7th IEEE Workshop on …, 2019 - ieeexplore.ieee.org
Devices that are connected to the Internet are of great interest to malicious parties and
security researchers alike, as direct remote reachability places them at the highest risk of …
security researchers alike, as direct remote reachability places them at the highest risk of …
H DoS: An Application-Layer DoS Attack Towards HTTP/2 Protocol
HTTP/2, as the latest version of application layer protocol, is experiencing an exponentially
increasing adoption by both servers and browsers. Due to the new features introduced by …
increasing adoption by both servers and browsers. Due to the new features introduced by …
Practical end-to-end web content integrity
Widespread growth of open wireless hotspots has made it easy to carry out man-in-the-
middle attacks and impersonate web sites. Although HTTPS can be used to prevent such …
middle attacks and impersonate web sites. Although HTTPS can be used to prevent such …
Postcards from the post-http world: Amplification of https vulnerabilities in the web ecosystem
HTTPS aims at securing communication over the Web by providing a cryptographic
protection layer that ensures the confidentiality and integrity of communication and enables …
protection layer that ensures the confidentiality and integrity of communication and enables …
Towards a safe playground for HTTPS and middle boxes with QoS2
With the increasing concern for network security and privacy, adoption of HTTPS has sky-
rocket, with over 50% of traffic flows employing HTTPS. Unfortunately by encrypting the data …
rocket, with over 50% of traffic flows employing HTTPS. Unfortunately by encrypting the data …
Neither good nor bad: A large-scale empirical analysis of HTTP security response headers
G Karopoulos, D Geneiatakis… - … Conference on Trust and …, 2021 - Springer
HTTP security-focused response headers can be of great aid to web applications towards
augmenting their overall security level. That is, if set at the server side, these headers define …
augmenting their overall security level. That is, if set at the server side, these headers define …