
Project summary
We assume that malicious JavaScript is injected into the server and reflected to the client browser by a cross-site scripting (XSS) attack. We then want to know whether browsers detect and prevent the effects of the XSS by analyzing the secure headers in the HTTP response headers. In this work, we investigate the actual usage of secure headers and conduct a large-scale evaluation. To do so, we first compare the secure headers collected on different days and identify which header fields and websites are vulnerable. We also analyze the websites that may be vulnerable due to a mismatch, i.e. the difference between the secure headers a website requests and those each browser supports.
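The two analyses described above, as an added example in Python (not the project's own crawler code): parse raw HTTP responses, keep the security-related headers, compare two collection days per website, and flag headers a website sends that a given browser does not honour. The sample responses, the site names and the browser-support table are constructed for illustration and are not real measurement data.

```python
# Added example, not the project's own code. Sample responses, site names and
# the browser-support table below are constructed for illustration.

SECURITY_HEADERS = (
    "content-security-policy",
    "x-xss-protection",
    "x-frame-options",
    "x-content-type-options",
    "strict-transport-security",
    "referrer-policy",
)


def parse_response_headers(raw_response):
    """Parse a raw HTTP response into {lowercase header name: value}.

    Only the header section is read; the body after the blank line is ignored.
    A header repeated in the response keeps its values joined with ', '.
    """
    headers = {}
    for line in raw_response.split("\r\n")[1:]:   # skip the status line
        if line == "":
            break                                  # blank line ends the header section
        name, sep, value = line.partition(":")
        if not sep:
            continue                               # malformed header line, skip it
        name, value = name.strip().lower(), value.strip()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return headers


def security_headers(headers):
    """Return only the security-related headers present in a parsed response."""
    return {name: headers[name] for name in SECURITY_HEADERS if name in headers}


def load_collection(raw_by_site):
    """Turn {site: raw response} from one crawl day into {site: parsed headers}."""
    return {site: parse_response_headers(raw) for site, raw in raw_by_site.items()}


def diff_days(day_a, day_b):
    """Per site, list the secure headers removed, added or changed between two days.

    A header that disappears or changes between crawls is the signal the project
    looks for: the site's protection against a reflected XSS may have weakened.
    """
    report = {}
    for site in sorted(set(day_a) | set(day_b)):
        a = security_headers(day_a.get(site, {}))
        b = security_headers(day_b.get(site, {}))
        removed = sorted(set(a) - set(b))
        added = sorted(set(b) - set(a))
        changed = sorted(h for h in set(a) & set(b) if a[h] != b[h])
        if removed or added or changed:
            report[site] = {"removed": removed, "added": added, "changed": changed}
    return report


def browser_mismatches(site_headers, browser_support):
    """Headers the site requests that a browser does not support.

    For each browser, the site asked for the protection but that browser will not
    enforce it, so the site is effectively unprotected there (the "mismatch").
    """
    return {
        browser: sorted(h for h in security_headers(site_headers) if h not in supported)
        for browser, supported in browser_support.items()
    }


# Constructed sample responses for two sites on two crawl days.
DAY1_RAW = {
    "https://site-a.example": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Content-Security-Policy: default-src 'self'\r\n"
        "X-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\n\r\n<html>"
    ),
    "https://site-b.example": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-XSS-Protection: 1; mode=block\r\n\r\n<html>"
    ),
}
DAY2_RAW = {
    "https://site-a.example": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Content-Security-Policy: default-src 'self'; script-src 'self' cdn.example\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n<html>"
    ),
    "https://site-b.example": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-XSS-Protection: 1; mode=block\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n\r\n<html>"
    ),
}

# Constructed browser-support table (hypothetical browsers, not real support data):
# browser-1 ignores X-XSS-Protection, browser-2 honours every header in the list.
BROWSER_SUPPORT = {
    "browser-1": set(SECURITY_HEADERS) - {"x-xss-protection"},
    "browser-2": set(SECURITY_HEADERS),
}

if __name__ == "__main__":
    day1, day2 = load_collection(DAY1_RAW), load_collection(DAY2_RAW)
    for site, changes in diff_days(day1, day2).items():
        print(site, changes)
    print(browser_mismatches(day2["https://site-b.example"], BROWSER_SUPPORT))
```

On the constructed data, `diff_days` reports that site-a dropped X-Frame-Options and changed its CSP between the two days, while site-b added HSTS; `browser_mismatches` shows that site-b's only XSS-related header is not honoured by browser-1, which is the kind of request/support gap the mismatch analysis is meant to surface.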
Libraries and frameworks
- Crawler (HTTP response): Python
- Crawler (Browser support option): JavaScript (Node.js)