List of Topics and Papers
- ARCHIVE: Using the Internet Archive for empirical analysis
- [MAIN] Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lerner.pdf
- [FOLLOW-UP] Rewriting history: Changing the archived web from the present
https://repository.wellesley.edu/cgi/viewcontent.cgi?article=1158&context=scholarship
- XSS: The fiercest enemy of the Web
- [MAIN] 25 Million Flows Later - Large-scale Detection of DOM-based XSS
https://swag.cispa.saarland/papers/lekies2013flows.pdf
- [FOLLOW-UP] Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.
https://swag.cispa.saarland/papers/steffens2019locals.pdf
- JS: Malicious JavaScript Detection and Possible Attacks
- [MAIN] ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection
https://www.usenix.org/legacy/events/sec11/tech/full_papers/Curtsinger.pdf
- [FOLLOW-UP] HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
https://swag.cispa.saarland/papers/fass2019hidenoseek.pdf
- EXTENSIONS: Browser Extensions: Security and Vulnerabilities
- [MAIN] Chrome Extensions: Threat Analysis and Countermeasures
https://pdfs.semanticscholar.org/0081/6b774f52031ea160c05181af3251a76220e6.pdf
- [FOLLOW-UP] EmPoWeb: Empowering Web Applications with Browser Extensions
https://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf
- PM: Attacking and Defending postMessage Communications
- [MAIN] The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites
https://www.cs.utexas.edu/~shmat/shmat_ndss13postman.pdf
- [FOLLOW-UP] Privacy Breach by Exploiting postMessage in HTML5: Identification, Evaluation, and Countermeasure
https://csis.gmu.edu/ksun/publications/postmessage-asiaccs16.pdf
- XSLEAKS: Abusing Cross Site Information Leakage
- [MAIN] Same-Origin Policy: Evaluation in Modern Browsers
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schwenk.pdf
- [FOLLOW-UP] Leaky Images: Targeted Privacy Attacks in the Web
https://www.usenix.org/system/files/sec19-staicu.pdf
- FP: Browser Fingerprinting
- [MAIN] Leaky Images: Targeted Privacy Attacks in the Web
https://hal.inria.fr/hal-01652021/file/FPStalker-hal-version.pdf
- [FOLLOW-UP] Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting
https://www.usenix.org/system/files/sec19-trickel.pdf
- WEBVIEW: Attacks on mobile devices over web APIs/webview
- [MAIN] Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities
http://faculty.cs.tamu.edu/guofei/paper/WARDroid_SP18.pdf
- [FOLLOW-UP] Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418635
- CSP: Content Security Policy
- [MAIN] CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
https://static.googleusercontent.com/media/research.google.com/de//pubs/archive/45542.pdf
- [FOLLOW-UP] CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-calzavara.pdf
- FRAMING: UI Redressing / Click Jacking
- [MAIN] Busting frame busting: a study of clickjacking vulnerabilities at popular sites
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.182.8980&rep=rep1&type=pdf
- [FOLLOW-UP] A Solution for the Automated Detection of Clickjacking Attacks
https://sites.cs.ucsb.edu/~chris/research/doc/asiaccs10_click.pdf
- SSO: Single Sign-On vulnerabilities
- [MAIN] AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations
https://impillar.github.io/files/ndss2013authscan.pdf
- [FOLLOW-UP] SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-zhou.pdf
- VULN SCANNER: Black-box vulnerability scanners for application flow vulnerabilities
- [MAIN] Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner
https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final225.pdf
- [FOLLOW-UP] Toward Black-Box Detection of Logic Flaws in Web Applications
https://trouge.net/papers/ndss2014.pdf