Postcards from the Post HTTP World - Amplification of HTTPS Vulnerabilities in the Web Ecosystem
Offered By: IEEE via YouTube
Course Description
Overview
Explore a comprehensive analysis of HTTPS vulnerabilities and their impact on web application security in this 20-minute IEEE conference talk. Delve into the complexities of SSL/TLS protocol suites and their susceptibility to various attacks. Examine the first systematic quantitative evaluation of web application insecurity due to cryptographic vulnerabilities, focusing on the Alexa Top 10k websites. Discover how attack trees are used to specify the conditions for attacks against TLS and to assess the implications for page integrity, authentication credentials, and web tracking. Gain insights into how a limited number of exploitable HTTPS vulnerabilities are amplified by the intricacies of the web ecosystem, affecting the security of numerous websites through external or related-domain hosts.
Syllabus
Intro
A dirge for HTTP
But can we trust HTTPS?
Vulnerability amplification
Contributions
Attack trees for TLS security
Data collection
Preliminary statistics
Page integrity
Cookies: results
Closing remarks
Taught by
IEEE Symposium on Security and Privacy
Related Courses
Zero - The Funniest Number in Cryptography (Black Hat via YouTube)
What Cryptographic Library Developers Think About Timing Attacks (IEEE via YouTube)
Cryptography: How Its Usage Affects Protection - 2018 (LASCON via YouTube)
Badkeys - Finding Weak Cryptographic Keys At Scale (nullcon via YouTube)
Practically-Exploitable Cryptographic Vulnerabilities in Matrix (Black Hat via YouTube)