Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking

MB Muzammil, M Bilal, S Ajmal, SC Shongwe… - IEEE …, 2024 - ieeexplore.ieee.org
The current era extensively utilizes the Internet, which uses data. Due to the apparent open-access
Internet service, this data is highly vulnerable to attacks. Data privacy is affected by …

The cookie hunter: Automated black-box auditing for web authentication and authorization flaws

K Drakonakis, S Ioannidis, J Polakis - Proceedings of the 2020 ACM …, 2020 - dl.acm.org
In this paper, we focus on authentication and authorization flaws in web apps that enable
partial or full access to user accounts. Specifically, we develop a novel fully automated black …

Phish in sheep's clothing: Exploring the authentication pitfalls of browser fingerprinting

X Lin, P Ilia, S Solanki, J Polakis - 31st USENIX Security Symposium …, 2022 - usenix.org
As users navigate the web they face a multitude of threats; among them, attacks that result in
account compromise can be particularly devastating. In a world fraught with data breaches …

O single Sign-Off, where art thou? An empirical analysis of single Sign-On account hijacking and session management on the web

M Ghasemisharif, A Ramesh, S Checkoway… - 27th USENIX Security …, 2018 - usenix.org
Single Sign-On (SSO) allows users to effortlessly navigate the Web and obtain a
personalized experience without the hassle of creating and managing accounts across …

Towards automated auditing for account and session management flaws in single sign-on deployments

M Ghasemisharif, C Kanich… - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Single Sign-On (SSO) is both a core and critical component of user authentication and
authorization on the modern web, as it is often offered by web and mobile applications …

The Security Lottery: Measuring Client-Side Web Security Inconsistencies

S Roth, S Calzavara, M Wilhelm, A Rabitti… - 31st USENIX Security …, 2022 - usenix.org
To mitigate a myriad of Web attacks, modern browsers support client-side security policies
shipped through HTTP response headers. To enforce these defenses, the server needs to …

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting.

S Karami, P Ilia, K Solomos, J Polakis - In Proceedings of the 27th …, 2020 - par.nsf.gov
With users becoming increasingly privacy-aware and browser vendors incorporating anti-tracking
mechanisms, browser fingerprinting has garnered significant attention. Accordingly …

Read between the lines: Detecting tracking javascript with bytecode classification

M Ghasemisharif, J Polakis - Proceedings of the 2023 ACM SIGSAC …, 2023 - dl.acm.org
Browsers and extensions that aim to block online ads and tracking scripts predominantly rely
on rules from filter lists for determining which resource requests must be blocked. These filter …

File hijacking vulnerability: The elephant in the room

C Yu, Y Xiao, J Lu, Y Li, Y Li, L Li… - Proceedings of the …, 2024 - ndss-symposium.org
Files are a significant attack vector for security boundary violation, yet a systematic
understanding of the vulnerabilities underlying these attacks is lacking. To bridge this gap …

Protecting privacy on the web: A study of HTTPS and Google Analytics implementation in academic library websites

P O'Brien, S WH Young, K Arlitsch… - Online Information …, 2018 - emerald.com
Purpose: The purpose of this paper is to examine the extent to which HTTPS encryption and
Google Analytics services have been implemented on academic library websites, and …