Title: Towards a Secure Web: Critical Vulnerabilities and Client-Side Countermeasures (Bedreigingen en beveiligingsmaatregelen voor een veilig web)
Other Titles: Towards a Secure Web: Critical Vulnerabilities and Client-Side Countermeasures
Authors: Nikiforakis, Nikolaos
Issue Date: 30-Aug-2013
Abstract: As the web keeps on expanding, so does the interest of attackers who seek to exploit users and services for profit. In recent years, users have witnessed that it is hard for a month to pass without news of some major web-application break-in and the subsequent exfiltration of private or financial data. At the same time, attackers constantly register rogue domains, using them to perform phishing attacks, collect private user information, and exploit vulnerable browsers and plugins. In this dissertation, we approach the increasingly serious problem of cybercrime from two different and complementary standpoints. First, we investigate large groups of web applications, seeking to discover systematic vulnerabilities across them. We analyze the workings of referrer-anonymizing services, file hosting services, remote JavaScript inclusions and web-based device fingerprinting, exploring their interactions with users and third parties, as well as their consequences for a user's security and privacy. Through a series of automated and manual experiments we uncover many previously unknown issues that could readily be used to exploit vulnerable services and compromise user data. Second, we study existing, well-known web application attacks and propose client-side countermeasures that can strengthen the security of a user's browsing environment without the collaboration, or even awareness, of the web application. We propose countermeasures to defend against session hijacking, SSL stripping, and malicious, plugin-originating cross-domain requests. Our countermeasures involve near-zero interaction with the user after their installation, have a minimal performance overhead, and do not assume the existence of trusted third parties.
Publication status: published
KU Leuven publication type: TH
Appears in Collections:Informatics Section

Files in This Item: thesis.pdf (Status: Published; Size: 3222 KB; Format: Adobe PDF)