Measuring Web Session Security at Scale. Issue 111 (December 2021)
- Record Type:
- Journal Article
- Title:
- Measuring Web Session Security at Scale. Issue 111 (December 2021)
- Main Title:
- Measuring Web Session Security at Scale
- Authors:
- Calzavara, Stefano
Jonker, Hugo
Krumnow, Benjamin
Rabitti, Alvise
- Abstract:
- Session management is a particularly delicate component of web applications, which might suffer from a range of severe security issues, including impersonation attacks. Unfortunately, the scope and significance of prior work on web session security in the wild are limited by the complexity of the attack surface and the challenges of automating the login process on existing websites. In the present article, we fill this gap by proposing the first comprehensive, large-scale web session security measurement based on post-login data. Our analysis is comprehensive in that it deals with all key aspects of web sessions, i.e., the login process, the logout process and the authentication cookie handling. Our automated approach analysed an extensive set of session management practices of over 6,000 sites where login was successful and authentication cookies could be automatically detected, uncovering a widespread adoption of insecure practices in the wild.
- Is Part Of:
- Computers & security. Issue 111(2021)
- Journal:
- Computers & security
- Issue:
- Issue 111(2021)
- Issue Display:
- Volume 111, Issue 111 (2021)
- Year:
- 2021
- Volume:
- 111
- Issue:
- 111
- Issue Sort Value:
- 2021-0111-0111-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-12
- Subjects:
- Session security -- Shepherd -- Black-box testing -- Web measurements -- Automated login -- Authentication
68M25
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2021.102472
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 19798.xml