DeepAI AI Chat
Log In Sign Up

HSTS Preloading is Ineffective as a Long-Term, Wide-Scale MITM-Prevention Solution: Results from Analyzing the 2013 - 2017 HSTS Preload List

by   JV Roig, et al.

HSTS (HTTP Strict Transport Security) serves to protect websites from certain attacks by allowing web servers to inform browsers that only secure HTTPS connections should be used. However, this still leaves the initial connection unsecured and vulnerable to man-in-the-middle attacks. The HSTS preload list, now supported by most major browsers, is an attempt to close this initial vulnerability. In this study, the researchers analyzed the HSTS preload list to see the status of its deployment and industry acceptance as of December 2017. The findings here show a bleak picture: adoption of the HSTS Preload List seem to be practically nil for essential industries like Finance, and a significant percentage of entries are test sites or nonfunctional.


An Empirical Analysis of HTTPS Configuration Security

It is notoriously difficult to securely configure HTTPS, and poor server...

The Status of Quantum-Based Long-Term Secure Communication over the Internet

Sensitive digital data, such as health information or governmental archi...

A Comprehensive Approach to Abusing Locality in Shared Web Hosting Servers

With the growing of network technology along with the need of human for ...

Is the OWASP Top 10 list comprehensive enough for writing secure code?

The OWASP Top 10 is a list that is published by the Open Web Application...

Detecting Phishing Sites – An Overview

Phishing is one of the most severe cyber-attacks where researchers are i...

Where The Light Gets In: Analyzing Web Censorship Mechanisms in India

This paper presents a detailed study of the Internet censorship in India...