Security Analysis of the Chinese Web: How well is it protected?

Authors: Ping Chen, Nick Nikiforakis, Lieven Desmet, Christophe Huygens

DOI: 10.1145/2665936.2665938

Abstract: As the web rapidly expands and gets integrated into the daily lives of more people, so does the number of cyber attacks against it. To defend against attackers, website operators can utilize a wide range of defense mechanisms, both at the server-side, as well as at the client-side of their applications. From a security-metrics standpoint, the presence or absence of these mechanisms can be used as a security indicator of any given website. In this paper, through a large-scale analysis of the 10,000 most popular Chinese websites, we analyze the security of the Chinese web by investigating the usage of security policies, and evaluating the discovered HTTPS implementations. We show that, when compared to websites from the rest of the world, a significant fraction of Chinese websites lag behind on the adoption of good security practices. Among other findings, we report on the fact that 6% of the websites inadvertently leak private user information, such as identity numbers, by placing spreadsheet files with sensitive content in directories indexed by search engines.
