Related papers: Exploring HTTPS Security Inconsistencies: A Cross-…
Experience shows that most researchers and developers tend to treat plain-domains (those that are not prefixed with "www" sub-domains, e.g. "example.com") as synonyms for their equivalent www-domains (those that are prefixed with "www"…
HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS…
The use of secure connections using HTTPS as the default means, or even the only means, to connect to web servers is increasing. It is being pushed from both sides: from the bottom up by client distributions and plugins, and from the top…
Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10…
The surge in website attacks, including Denial of Service (DoS), Cross-Site Scripting (XSS), and Clickjacking, underscores the critical need for robust HTTPS implementation, a practice that, alarmingly, remains inadequately adopted.…
With the popularity of mobile devices such as smartphones and tablets, users prefer visiting Web pages on mobile devices. Meanwhile, HTTP(S) is the major protocol for delivering Web content, and has served the Web well for more than 15…
Contemporary web application architectures involve many layers of proxy services that process traffic. Due to the complexity of HTTP and vendor design decisions, these proxies sometimes process a given request in different ways. Attackers…
It is notoriously difficult to securely configure HTTPS, and poor server configurations have contributed to several attacks including the FREAK, Logjam, and POODLE attacks. In this work, we empirically evaluate the TLS security posture of…
The possibility of fingerprinting the search keywords issued by a user on popular web search engines is a significant threat to user privacy. This threat has received surprisingly little attention in the network traffic analysis literature.…
As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance that administrators know how to configure their services correctly. For this purpose, services…
Web-fraud is one of the most unpleasant features of today's Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright…
Using a total of 4,774 hospitals categorized as government, non-profit, and proprietary hospitals, this study provides the first measurement-based analysis of hospitals' websites and connects the findings with data breaches through a…
URI redirections are integral to web management, supporting structural changes, SEO optimization, and security. However, their complexities affect usability, SEO performance, and digital preservation. This study analyzed 11 million unique…
Internet censorship is typically enforced by authorities to achieve information control for a certain group of Internet users. So far existing censorship studies have primarily focused on country-level characterization because (1) in many…
One of the Internet's greatest strengths is the degree to which it facilitates access to any of its resources from users anywhere in the world. However, users in the developing world have complained of websites blocking their countries. We…
We present new analytic techniques for inferring HTTP semantics from passive observations of HTTPS that can infer the value of important fields including the status-code, Content-Type, and Server, and the presence or absence of several…
Cloud providers' support for network evasion techniques that misrepresent the server's domain name is more prevalent than previously believed, which has serious implications for security and privacy due to the reliance on domain names in…
Multiple official languages within a country along with languages common with other countries demand content consistency in both shared and unshared languages during information sharing. However, inconsistency due to conflict in content…
DNS is a basic Internet service which almost all other user services depend on. However, what has been perceived in practice are a lot of inconsistencies and errors in the configuration of servers that cause different problems. The majority…
The Hypertext Transfer Protocol Secure (HTTPS) communications protocol is used to secure traffic between a web browser and server. This technology can significantly reduce the risk of interception and manipulation of web information for…