Uncovering and exploiting hidden apis in mobile super apps
Mobile applications, particularly those from social media platforms such as WeChat and
TikTok, are evolving into "super apps" that offer a wide range of services such as instant …
Continuous auditing of artificial intelligence: A conceptualization and assessment of tools and frameworks
M Minkkinen, J Laine, M Mäntymäki - Digital Society, 2022 - Springer
Artificial intelligence (AI), which refers to both a research field and a set of technologies, is
rapidly growing and has already spread to application areas ranging from policing to …
Phish in sheep's clothing: Exploring the authentication pitfalls of browser fingerprinting
As users navigate the web they face a multitude of threats; among them, attacks that result in
account compromise can be particularly devastating. In a world fraught with data breaches …
The leaky web: Automated discovery of cross-site information leaks in browsers and the web
J Rautenstrauch, G Pellegrino… - 2023 IEEE Symposium …, 2023 - ieeexplore.ieee.org
When browsing the web, none of us want sites to infer which other sites we may have visited
before or are logged in to. However, attacker-controlled sites may infer this state through …
Towards automated auditing for account and session management flaws in single sign-on deployments
M Ghasemisharif, C Kanich… - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Single Sign-On (SSO) is both a core and critical component of user authentication and
authorization on the modern web, as it is often offered by web and mobile applications …
The Security Lottery: Measuring Client-Side Web Security Inconsistencies
To mitigate a myriad of Web attacks, modern browsers support client-side security policies
shipped through HTTP response headers. To enforce these defenses, the server needs to …
Everybody's Looking for SSOmething: A large-scale evaluation on the privacy of OAuth authentication on the web
Y Dimova, T Van Goethem… - Proceedings on Privacy …, 2023 - petsymposium.org
The management of many different login credentials can be tricky for the average web user.
OAuth eases this process by invoking identity providers (IdPs) as intermediaries, which …
A Study of Multi-Factor and Risk-Based Authentication Availability
Password-based authentication (PBA) remains the most popular form of user authentication
on the web despite its long-understood insecurity. Given the deficiencies of PBA, many …
A Large-Scale Measurement of Website Login Policies
S Al Roomi, F Li - 32nd USENIX Security Symposium (USENIX Security …, 2023 - usenix.org
Authenticating on a website using a password involves a multi-stage login process, where
each stage entails critical policy and implementation decisions that impact login security and …
Measuring website password creation policies at scale
S Alroomi, F Li - Proceedings of the 2023 ACM SIGSAC Conference on …, 2023 - dl.acm.org
Researchers have extensively explored how password creation policies influence the
security and usability of user-chosen passwords, producing evidence-based policy …