Investigation of cookie vulnerabilities: poster
Pages 330 - 331
Abstract
Cookies have emerged as one of the most convenient solutions to keep track of browsers. They continue to raise both security and privacy concerns due to their continuous evolution. There is limited support for confidentiality, integrity and authentication in the way cookies are used. In this respect, the possibilities for misusing cookies are very real and are being exploited. This paper will first discuss the pros and cons of cookies. Also, discuss the step by step process of how cookies work. This paper will discuss the preferences of users based on survey results. This paper will discuss cookie vulnerabilities, ways to exploit them, and ways to mitigate them.
References
[1]
David Bisson. 2017. Why it's a good idea to clear browser history and cookies. https://www.grahamcluley.com/good-idea-clear-browser-history-cookies/. (Accessed on 03/02/2019).
[2]
Interserver. 2018. What is Session Hijacking and how to prevent it? - Interserver Tips. https://www.interserver.net/tips/kb/session-hijacking-prevent/. (Accessed on 03/02/2019).
[3]
Juha Jussila. 2018. JYX - HTTP cookie weaknesses, attack methods and defense mechanisms : a systematic literature review. https://jyx.jyu.fi/handle/123456789/59084. (Accessed on 02/05/2019).
[4]
Yichen Liu. 2012. The Pros and Cons of Using Browser Cached Cookies: A Google Story | Internet Marketing Inc. https://www.internetmarketinginc.com/blog/the-pros-and-cons-of-cookies-a-google-story/. (Accessed on 03/026/2019).
[5]
Chris Palmer. 2008. Secure Session Management With Cookies for Web Applications. https://crypto.stanford.edu/cs142/papers/web-session-management.pdf. (Accessed on 02/10/2019).
[6]
Rodica Tirtea. 2011. Bittersweet cookies. Some security and privacy considerations --- ENISA. https://www.enisa.europa.eu/publications/copy_of_cookies. (Accessed on 02/10/2019).
[7]
Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, and Nicholas Weaver. 2015. Cookies Lack Integrity: Real-World Implications. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 707--721. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/zheng
Index Terms
- Investigation of cookie vulnerabilities: poster
Recommendations
Vulnerabilities in e-governments
This paper shows that more than 80% of the e-governments in the world are vulnerable to common web-application attacks such as Cross Site Scripting and Structured Query Language (SQL) injection. Industrialised countries were found to be more vulnerable ...
Pinpointing Vulnerabilities
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityMemory-based vulnerabilities are a major source of attack vectors. They allow attackers to gain unauthorized access to computers and their data. Previous research has made significant progress in detecting attacks. However, developers still need to ...
On Privacy Weaknesses and Vulnerabilities in Software Systems
ICSE '23: Proceedings of the 45th International Conference on Software EngineeringIn this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by exploiting ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2019
359 pages
ISBN:9781450367264
DOI:10.1145/3317549
Copyright © 2019 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 15 May 2019
Check for updates
Author Tags
Qualifiers
- Poster
Conference
WiSec '19
Sponsor:
WiSec '19: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks
May 15 - 17, 2019
Florida, Miami
Acceptance Rates
Overall Acceptance Rate 98 of 338 submissions, 29%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 314Total Downloads
- Downloads (Last 12 months)14
- Downloads (Last 6 weeks)0
Reflects downloads up to 07 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in