Return to search

Analysis of Oauth and CORS vulnerabilities in the wild

Thanks to the wide range of features offered by the World Wide Web (WWW), many web applications have been published and developed through different libraries and programming languages. Adapting to new changes, the Web quickly evolved into a complex ecosystem, introducing many security problems to its users. To solve these problems, instead of re-designing the Web, the vendors added the security patches (protocols, mechanisms)to the Web platform to provide a more convenient and more secure environment for web users.
However, not only did these patches not completely resolve the security problems, but their implementations also introduced other security risks unbeknownst to website operators and users.

In this thesis, I propose a novel research on two different security patches to understand and analyze their deployment in real-world scenarios and discover the unseen, neglected factors and the elements involved in exploiting their use: one security protocol, OAuth, and one security mechanism, CORS.
As this thesis is based on offensive approaches, I develop automated methodologies, including novel strategies for analyzing and measuring the security qualities of the OAuth protocol and CORS mechanism in real-world scenarios.

Identiferoai:union.ndltd.org:unitn.it/oai:iris.unitn.it:11572/361123
Date06 December 2022
CreatorsArshad, Elham
ContributorsArshad, Elham, Crispo, Bruno
PublisherUniversità degli studi di Trento, place:Trento, Italy
Source SetsUniversità di Trento
LanguageMiddle English (1100-1500)
Detected LanguageEnglish
Typeinfo:eu-repo/semantics/doctoralThesis
Rightsinfo:eu-repo/semantics/openAccess
Relationfirstpage:1, lastpage:137, numberofpages:137

Page generated in 0.0028 seconds