Measuring Web Session Security at Scale

نویسندگان

چکیده

Session management is a particularly delicate component of web applications, which might suffer from range severe security issues, including impersonation attacks. Unfortunately, the scope and significance prior work on session in wild are limited by complexity attack surface challenges automating login process existing websites. In present article, we fill this gap proposing first comprehensive, large-scale measurement based post-login data. Our analysis comprehensive that it deals with all key aspects sessions, i.e., process, logout authentication cookie handling. automated approach analysed an extensive set practices over 6,000 sites where was successful cookies could be automatically detected, uncovering widespread adoption insecure wild.

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Security testing of session initiation protocol implementations

The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...

متن کامل

Entity Linking at Web Scale

This paper investigates entity linking over millions of high-precision extractions from a corpus of 500 million Web documents, toward the goal of creating a useful knowledge base of general facts. This paper is the first to report on entity linking over this many extractions, and describes new opportunities (such as corpus-level features) and challenges we found when entity linking at Web scale...

متن کامل

Caching at the Web Scale

Today’s web applications and social networks are serving billions of users around the globe. These users generate billions of key lookups and millions of data object updates per second. A single user’s social network page load requires hundreds of key lookups. This scale creates many design challenges for the underlying storage systems. First, these systems have to serve user requests with low ...

متن کامل

CWI at TREC 2011: Session, Web, and Medical

We report on the participation of the Interactive Information Access group of the CWI Amsterdam in the web, session, and medical track at TREC 2011. In the web track we focus on the diversity task. We find that cluster-based subtopic modeling approaches improve diversification performance compared to a non-cluster-based subtopic modeling approach. While gain was observed on previous years’ topi...

متن کامل

Webis at TREC 2013-Session and Web Track

In this paper we give a brief overview of the Webis group’s participation in the TREC 2013 Session and Web tracks. All our runs are on the full ClueWeb12 and use the online Indri retrieval system hosted at CMU. As for the session track, our runs implement three main ideas that were slightly improved compared to our participation in 2012: (1) distinguishing low risk sessions where we want to inv...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ژورنال

عنوان ژورنال: Computers & Security

سال: 2021

ISSN: ['0167-4048', '1872-6208']

DOI: https://doi.org/10.1016/j.cose.2021.102472