Session cookies constitute one of the main attack targets against client authentication on the Web. To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags. While there is a general understanding about the effectiveness of these defenses, no formal result has so far been proved about the security guarantees they convey. With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network attackers with the ability to perform arbitrary XSS code injection. We then develop CookiExt, a browser extension that provides client-side protection...
Abstract. Sessions on the web are fragile. They have been attacked successfully in many ways, by ne...
To my mother. Web applications are the dominant means to provide access to millions of on-line servi...
© Springer International Publishing Switzerland 2014. Sessions on the web are fragile. They have bee...
Session cookies constitute one of the main attack targets against client authentication on the Web. ...
Since cookies act as the only proof of a user identity, web sessions are particularly vulnerable to ...
Abstract. With the growing trend towards the use of web applications the danger posed by cross site ...
Abstract: In early days, web pages always use a state for keeping an authentication state between br...
Modern websites set multiple authentication cookies during the login process to allow users to rema...
Sessions on the web are fragile. They have been attacked successfully in many ways, by network-level...
This is a well known trick that I just wanted to share as it is so crucial in preventing effective X...
Abstract. The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security pro...
Browser-based defenses have recently been advocated as an effective mechanism to protect potentially...
XSS attacks are the number one attacks in the Web applications. Web applications are becoming the do...
The web has become a new, highly interactive medium. Many modern websites provide their users with t...