HSTS Preloading is Ineffective as a Long-Term, Wide-Scale MITM-Prevention Solution: Results from Analyzing the 2013 - 2017 HSTS Preload List

05/11/2019
by JV Roig, et al.

HSTS (HTTP Strict Transport Security) serves to protect websites from certain attacks by allowing web servers to inform browsers that only secure HTTPS connections should be used. However, this still leaves the initial connection unsecured and vulnerable to man-in-the-middle attacks. The HSTS preload list, now supported by most major browsers, is an attempt to close this initial vulnerability. In this study, the researchers analyzed the HSTS preload list to see the status of its deployment and industry acceptance as of December 2017. The findings here show a bleak picture: adoption of the HSTS Preload List seems to be practically nil for essential industries like Finance, and a significant percentage of entries are test sites or nonfunctional.
