Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Noxes: a client-side solution for mitigating cross-site scripting attacks
Proceedings of the 2006 ACM symposium on Applied computing
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
WSKE: web server key enabled cookies
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
A user study design for comparing the security of registration protocols
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
XCS: cross channel scripting and its impact on web applications
Proceedings of the 16th ACM conference on Computer and communications security
SSLock: sustaining the trust on entities brought by SSL
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Compositional System Security with Interface-Confined Adversaries
Electronic Notes in Theoretical Computer Science (ENTCS)
Toward secure embedded web interfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
The power of recognition: secure single sign-on using TLS channel bindings
Proceedings of the 7th ACM workshop on Digital identity management
An empirical study of visual security cues to prevent the SSLstripping attack
Proceedings of the 27th Annual Computer Security Applications Conference
Certified lies: detecting and defeating government interception attacks against SSL (short paper)
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
One-time cookies: Preventing session hijacking attacks with stateless authentication tokens
ACM Transactions on Internet Technology (TOIT)
ARC: protecting against HTTP parameter pollution attacks using application request caches
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Why eve and mallory love android: an analysis of android SSL (in)security
Proceedings of the 2012 ACM conference on Computer and communications security
BetterAuth: web authentication revisited
Proceedings of the 28th Annual Computer Security Applications Conference
Quite a mess in my cookie jar!: leveraging machine learning to protect web authentication
Proceedings of the 23rd international conference on World wide web
Hi-index | 0.00 |
As wireless networks proliferate, web browsers operate in an increasingly hostile network environment. The HTTPS protocol has the potential to protect web users from network attackers, but real-world deployments must cope with misconfigured servers, causing imperfect web sites and users to compromise browsing sessions inadvertently. ForceHTTPS is a simple browser security mechanism that web sites or users can use to opt in to stricter error processing, improving the security of HTTPS by preventing network attacks that leverage the browser's lax error processing. By augmenting the browser with a database of custom URL rewrite rules, ForceHTTPS allows sophisticated users to transparently retrofit security onto some insecure sites that support HTTPS. We provide a prototype implementation of ForceHTTPS as a Firefox browser extension.