Surviving the web: A journey into web session security

S Calzavara, R Focardi, M Squarcina… - ACM Computing Surveys …, 2017 - dl.acm.org
In this article, we survey the most common attacks against web sessions, that is, attacks that
target honest web browser users establishing an authenticated session with a trusted web …

The web SSO standard OpenID Connect: In-depth formal security analysis and security guidelines

D Fett, R Küsters, G Schmitz - 2017 IEEE 30th Computer …, 2017 - ieeexplore.ieee.org
Web-based single sign-on (SSO) services such as Google Sign-In and Log In with PayPal
are based on the OpenID Connect protocol. This protocol enables so-called relying parties …

Formal methods for web security

M Bugliesi, S Calzavara, R Focardi - … of Logical and Algebraic Methods in …, 2017 - Elsevier
In the last few years, many security researchers proposed to endow the web platform with
more rigorous foundations, thus allowing for a precise reasoning on web security issues …

CookiExt: Patching the browser against session hijacking attacks

M Bugliesi, S Calzavara, R Focardi… - Journal of Computer …, 2015 - content.iospress.com
Session cookies constitute one of the main attack targets against client authentication on the
Web. To counter these attacks, modern web browsers implement native cookie protection …

Testing for integrity flaws in web sessions

S Calzavara, A Rabitti, A Ragazzo… - … Security–ESORICS 2019 …, 2019 - Springer
Web sessions are fragile and can be attacked at many different levels. Classic attacks like
session hijacking, session fixation and cross-site request forgery are particularly dangerous …

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

S Calzavara, R Focardi, M Maffei… - 27th USENIX Security …, 2018 - usenix.org
We present WPSE, a browser-side security monitor for web protocols designed to ensure
compliance with the intended protocol flow, as well as confidentiality and integrity properties …

A supervised learning approach to protect client authentication on the web

S Calzavara, G Tolomei, A Casini, M Bugliesi… - ACM Transactions on …, 2015 - dl.acm.org
Browser-based defenses have recently been advocated as an effective mechanism to
protect potentially insecure web applications against the threats of session hijacking …

Sub-session hijacking on the web: Root causes and prevention

S Calzavara, A Rabitti… - Journal of Computer …, 2019 - content.iospress.com
Since cookies act as the only proof of a user identity, web sessions are particularly
vulnerable to session hijacking attacks, where the browser run by a given user sends …

Fine-grained detection of privilege escalation attacks on browser extensions

S Calzavara, M Bugliesi, S Crafa… - … 2015, Held as Part of the …, 2015 - Springer
Even though their architecture relies on robust security principles, it is well-known that poor
programming practices may expose browser extensions to serious security flaws, leading to …

WebSpec: Towards machine-checked analysis of browser security mechanisms

L Veronese, B Farinier, P Bernardo… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
The complexity of browsers has steadily increased over the years, driven by the continuous
introduction and update of Web platform components, such as novel Web APIs and security …