A Case-Control Study on the Server-Side Bandages Against XSS
| dc.contributor.author | Ruohonen J. | |
| dc.contributor.author | Leppänen V. | |
| dc.contributor.organization | fi=ohjelmistotekniikka|en=Software Engineering| | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.71310837563 | |
| dc.contributor.organization-code | 2610302 | |
| dc.converis.publication-id | 36035085 | |
| dc.converis.url | https://research.utu.fi/converis/portal/Publication/36035085 | |
| dc.date.accessioned | 2022-10-28T13:49:30Z | |
| dc.date.available | 2022-10-28T13:49:30Z | |
| dc.description.abstract | <p>This paper surveys the server-side use of security-related options for protecting websites against cross-site scripting (XSS) attacks. By using data from a bug bounty platform, the use of these header-based options is approached with a case-control study that contrasts popular Internet domains against less popular domains that have explicitly been veried to have been vulnerable to XSS. According to the results based on the analysis of nearly 800 thousand domains, (a) the header-based security options are only infrequently used. However, (b) the domains known to have been vulnerable to XSS have been much less likely to use these options compared to popular domains. Furthermore, (c) the options surveyed tend to statistically form clear latent dimensions, which can be speculated to relate to the eort required to enforce strict security policies for websites.</p><p></p><p><br /></p> | |
| dc.identifier.isbn | 978-86-7031-473-3 | |
| dc.identifier.issn | 1613-0073 | |
| dc.identifier.jour-issn | 1613-0073 | |
| dc.identifier.olddbid | 184567 | |
| dc.identifier.oldhandle | 10024/167661 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/37849 | |
| dc.identifier.url | http://ceur-ws.org/Vol-2217/paper-ruo.pdf | |
| dc.identifier.urn | URN:NBN:fi-fe2021042719874 | |
| dc.language.iso | en | |
| dc.okm.affiliatedauthor | Ruohonen, Jukka | |
| dc.okm.affiliatedauthor | Leppänen, Ville | |
| dc.okm.discipline | 113 Computer and information sciences | en_GB |
| dc.okm.discipline | 113 Tietojenkäsittely ja informaatiotieteet | fi_FI |
| dc.okm.internationalcopublication | not an international co-publication | |
| dc.okm.internationality | International publication | |
| dc.okm.type | A4 Conference Article | |
| dc.relation.conference | Software Quality Analysis, Monitoring, Improvement, and Applications | |
| dc.relation.ispartofjournal | CEUR Workshop Proceedings | |
| dc.relation.volume | 2217 | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/167661 | |
| dc.title | A Case-Control Study on the Server-Side Bandages Against XSS | |
| dc.title.book | Proceedings of the Seventh Workshop on Software Quality Analysis, Monitoring, Improvement, and Applications | |
| dc.year.issued | 2018 |
Tiedostot
1 - 1 / 1
Ladataan...
- Name:
- paper-ruo.pdf
- Size:
- 717.39 KB
- Format:
- Adobe Portable Document Format
- Description:
- Publisher's PDF