Related papers: Security Header Fields in HTTP Clients
Computing platforms such as smartphones frequently access Web content using many separate applications rather than a single Web browser application. These applications often deal with sensitive user information such as financial data or…
Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts…
The use of secure connections using HTTPS as the default means, or even the only means, to connect to web servers is increasing. It is being pushed from both sides: from the bottom up by client distributions and plugins, and from the top…
Now a days, a new family of web applications open applications, are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only…
HTML5-based mobile apps become more and more popular, mostly because they are much easier to be ported across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including…
The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…
Attacks on Internet routing are typically viewed through the lens of availability and confidentiality, assuming an adversary that either discards traffic or performs eavesdropping. Yet, a strategic adversary can use routing attacks to…
As of February, 2015, HTTP/2, the update to the 16-year-old HTTP 1.1, is officially complete. HTTP/2 aims to improve the Web experience by solving well-known problems (e.g., head of line blocking and redundant headers), while introducing…
Web applications are becoming truly pervasive in all kinds of business models and organizations. Today, most critical systems such as those related to health care, banking, or even emergency response, are relying on these applications. They…
With the growing of network technology along with the need of human for social interaction, using websites nowadays becomes critically important which leads in the increasing number of websites and servers. One popular solution for managing…
We examine how well various HTTP methods are supported by public web services. We sample 40,870 live URIs from the DMOZ collection (a curated directory of World Wide Web URIs) and found that about 55% URIs claim support (in the Allow…
HSTS (HTTP Strict Transport Security) serves to protect websites from certain attacks by allowing web servers to inform browsers that only secure HTTPS connections should be used. However, this still leaves the initial connection unsecured…
It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. The market capture of mobile web services also has increased significantly, in the past years.…
JavaScript, a scripting language employed to augment the capabilities of web browsers within web pages or browser extensions, utilizes code segments termed JavaScript inclusions. While the security aspects of JavaScript inclusions in web…
Mobile health (mHealth) applications (apps) have gained significant popularity over the last few years due to its tremendous benefits, such as lowering healthcare cost and increasing patient awareness. However, the sensitivity of healthcare…
Smart contracts are self-executing programs that run on blockchains (e.g., Ethereum). 680 million US dollars worth of digital assets controlled by smart contracts have been hacked or stolen due to various security vulnerabilities in 2021.…
Web Application Firewalls (WAFs) have been introduced as essential and popular security gates that inspect incoming HTTP traffic to filter out malicious requests and provide defenses against a diverse array of web-based threats. Evading…
It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable…
Securing browsers in mobile devices is very challenging, because these browser apps usually provide browsing services to other apps in the same device. A malicious app installed in a device can potentially obtain sensitive information…
Over the years, use of smartphones has come to dominate several areas, improving our lives, offering us convenience, and reshaping our daily work circumstances. Beyond traditional use for communication, they are used for many peripheral…