Surviving the Web: A Journey into Web Session Security
Author: | Mauro Tempesta, Marco Squarcina, Stefano Calzavara, Riccardo Focardi |
---|---|
Language: | English |
Year of publication: | 2018 |
Subject: |
Web analytics; Web standards; General Computer Science; Web development; Computer science; 02 engineering and technology; Content Security Policy; Computer security; Internet security; Theoretical Computer Science; World Wide Web; web attacks; web defenses; web sessions; 020204 information systems; Web design; 0202 electrical engineering, electronic engineering, information engineering; Web application; Web browser; Settore INF/01 - Informatica; SITE SCRIPTING ATTACKS; Usability; Web application security; HTTP cookies; Software deployment; 020201 artificial intelligence & image processing; Web threat |
Source: | WWW (Companion Volume) |
Description: | In this article, we survey the most common attacks against web sessions, that is, attacks that target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions that prevent or mitigate the different attacks by evaluating them along four different axes: protection, usability, compatibility, and ease of deployment. We also assess several defensive solutions that aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way. |
Database: | OpenAIRE |