Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Postcards from the Post HTTP World - Amplification of HTTPS Vulnerabilities in the Web Ecosystem

IEEE via YouTube

Overview

Explore a comprehensive analysis of HTTPS vulnerabilities and their impact on web application security in this 20-minute IEEE conference talk. Delve into the complexities of SSL/TLS protocol suites and their susceptibility to various attacks. Examine the first systematic quantitative evaluation of web application insecurity due to cryptographic vulnerabilities, focusing on the Alexa Top 10k websites. Discover how attack trees are used to specify conditions against TLS and assess the implications for page integrity, authentication credentials, and web tracking. Gain insights into how a limited number of exploitable HTTPS vulnerabilities are amplified by the intricacies of the web ecosystem, affecting the security of numerous websites due to external or related-domain hosts.

Syllabus

Intro
A dirge for HTTP
But can we trust HTTPS?
Vulnerability amplification
Contributions
Attack trees for TLS security
Data collection
Preliminary statistics
Page integrity
Cookies: results
Closing remarks

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Postcards from the Post HTTP World - Amplification of HTTPS Vulnerabilities in the Web Ecosystem

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.