Title: Large-scale security analysis of the web: Challenges and findings
Authors: Van Goethem, Tom
Chen, Ping
Nikiforakis, Nick
Desmet, Lieven
Joosen, Wouter
Issue Date: 2014
Publisher: Springer
Host Document: Trust and Trustworthy Computing vol:7 pages:110-125
Conference: TRUST edition:2014 location:Heraklion, Crete, Greece date:June 30 - July 2, 2014
Abstract: As the web expands in size and adoption, so does the interest of attackers who seek to exploit web applications and exfiltrate user data. While there is a steady stream of news regarding major breaches and millions of user credentials compromised, it is logical to assume that, over time, the applications of the bigger players of the web are becoming more secure. However, as these applications become resistant to most prevalent attacks, adversaries may be tempted to move to easier, unprotected targets which still hold sensitive user data.

In this paper, we report on the state of security for more than 22,000 websites that originate in 28 EU countries. We first explore the adoption of countermeasures that can be used to defend against common attacks and serve as indicators of "security consciousness". Moreover, we search for the presence of common vulnerabilities and weaknesses and, together with the adoption of defense mechanisms, use our findings to estimate the overall security of these websites.
Among other results, we show how a website's popularity relates to the adoption of security defenses and we report on the discovery of three, previously unreported, attack variations that attackers could have used to attack millions of users.
ISBN: 978-3-319-08592-0
ISSN: 0302-9743
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section

Files in This Item:
File Description Status SizeFormat
eusec-paper.pdf Published 657KbAdobe PDFView/Open


All items in Lirias are protected by copyright, with all rights reserved.