A Methodology for Web Cache Deception Vulnerability discovery

Contributo in Atti di convegno
Data di Pubblicazione:
2024
Citazione:
A Methodology for Web Cache Deception Vulnerability discovery / F. Berto, F. Minetti, C.A. Ardagna, M. Anisetti - In: Proceedings of the 14th International Conference on Cloud Computing and Services Science CLOSER. 1 / [a cura di] M. van Steen, C. Pahl. - [s.l] : SciTePress, 2024 May 02. - ISBN 978-989-758-701-6. - pp. 231-238 (( Intervento presentato al 14. convegno CLOSER tenutosi a Angers nel 2024 [10.5220/0012692000003711].
Abstract:
In recent years, the use of caching techniques in web applications has increased significantly, in line with their expanding user base. The logic of web caches is closely tied to the application logic, and misconfigurations can lead to security risks, including the unauthorized access of private information and session hijacking. In this study, we examine Web Cache Deception as a technique for attacking web applications. We develop a solution for discovering vulnerabilities that expands upon and encompasses prior research in the field. We conducted an experimental evaluation of the attack's efficacy against real-world targets, and present a new attack vector via web-client-based email services.
Tipologia IRIS:
03 - Contributo in volume
Keywords:
Web Cache Deception; Web Cache; Web Security
Elenco autori:
F. Berto, F. Minetti, C.A. Ardagna, M. Anisetti
Autori di Ateneo:
ANISETTI MARCO ( autore )
ARDAGNA CLAUDIO AGOSTINO ( autore )
Link alla scheda completa:
https://air.unimi.it/handle/2434/1045070
Link al Full Text:
Titolo del libro:
Proceedings of the 14th International Conference on Cloud Computing and Services Science CLOSER. 1
Progetto:
MUSA - Multilayered Urban Sustainability Actiona

Aree Di Ricerca

Settori


Settore INF/01 - Informatica