Web Security: The Emperor's New Armour
Authors
Abstract
The World Wide Web originally provided no security services because it was not designed to support sensitive applications. As the Web evolved to become a platform for all types of Internet applications, security mechanisms were added. Many Internet players, especially in the e-commerce sector, claim that the Web can now provide adequate security protection. In this paper we analyse some aspects of Web security, and our conclusion is that, despite strong cryptographic mechanisms, standard Web security solutions can only provide casual protection. We also conclude that major design changes need to be introduced in order to strengthen Web security.
Similar resources
The Emperor's New Password Manager: Security Analysis of Web-based Password Managers
Analyzing new features of infected web content in detection of malicious web pages
Recent improvements in web standards and technologies enable attackers to hide and obfuscate infectious code with new methods and thus escape security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...
Image flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
The Emperor's New Password Creation Policies: An Evaluation of Leading Web Services and the Effect of Role in Resisting Against Online Guessing
While much has changed in Internet security over the past decades, textual passwords remain the dominant method to secure user web accounts, and they are proliferating in nearly every new web service. Nearly every web service, whether new or old, now enforces some form of password creation policy. In this work, we conduct an extensive empirical study of 50 password creation policies that ...
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, the requirements of new computational environments like web services still raise new challenges. The lack of an appropriate method for the specification, composition, verification and analysis of access control policies (ACPs) has made access control in the composition of web services a complicated problem. In this paper, a new indepe...