Paper Info
Title
Large-Scale Security Analysis of the Web: Challenges and Findings
Abstract
As the web expands in size and adoption, so does the interest of attackers who seek to exploit web applications and exfiltrate user data. While there is a steady stream of news regarding major breaches and millions of user credentials compromised, it is logical to assume that, over time, the applications of the bigger players of the web are becoming more secure. However, as these applications become resistant to most prevalent attacks, adversaries may be tempted to move to easier, unprotected targets which still hold sensitive user data. In this paper, we report on the state of security for more than 22,000 websites that originate in 28 EU countries. We first explore the adoption of countermeasures that can be used to defend against common attacks and serve as indicators of \"security consciousness\". Moreover, we search for the presence of common vulnerabilities and weaknesses and, together with the adoption of defense mechanisms, use our findings to estimate the overall security of these websites. Among other results, we show how a website's popularity relates to the adoption of security defenses and we report on the discovery of three, previously unreported, attack variations that attackers could have used to attack millions of users.
Year
DOI
Venue
2014
10.1007/978-3-319-08593-7_8
TRUST
Field
DocType
Citations 
World Wide Web,Internet privacy,Security through obscurity,Computer security,Computer science,Security service,Exploit,Security analysis,Web application security,Web application,Vulnerability,European union
Conference
19
PageRank 
References 
Authors
0.95
13
5
Name
Order
Citations
PageRank
Tom van Goethem113611.77
Ping Chen21007.39
Nick Nikiforakis386553.35
Lieven Desmet440140.65
Wouter Joosen52898287.70