WAFFle: fingerprinting filter rules of web application firewalls
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Hi-index | 0.00 |
Web timing have attacks become a new threat on the Internet because they enable attackers to reveal users' private information. In this paper, we evaluate the threat of a web timing attack and its countermeasure. Our contribution is to investigate the occurrence conditions of a web timing attack. We also verify the effectiveness of our countermeasure, whose significant feature is fixing the authentication time whereas previous work fixes the response time. For our evaluation, we measure response times of several web applications, and analyze the result with statistical testing. We find that it is difficult to reveal the of username in some types of applications,and we confirm that our countermeasure can thwart web timing attacks.