FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4288045344> ?p ?o ?g. }

• W4288045344 endingPage "102859" @default.
• W4288045344 startingPage "102859" @default.
• W4288045344 abstract "OAuth 2.0 is an important and well studied protocol. However, despite the presence of guidelines and best practices, the current implementations are still vulnerable and error-prone. This research mainly focused on the Cross-Site Request Forgery (CSRF) attack. This attack is one of the dangerous vulnerabilities in OAuth protocol, which has been mitigated through state parameter. However, despite the presence of this parameter in the OAuth deployment, many websites are still vulnerable to the OAuth-CSRF (OCSRF) attack. We studied one of the most recurrent type of OCSRF attack through a variety range of novel attack strategies based on different possible implementation weaknesses and the state of the victim’s browser at the time of the attack. In order to validate them, we designed a repeatable methodology and conducted a large-scale analysis on 395 high-ranked sites to assess the prevalence of OCSRF vulnerabilities. Our automated crawler discovered about 36% of targeted sites are still vulnerable and detected about 20% more well-hidden vulnerable sites utilizing the novel attack strategies. Based on our experiment, there was a significant rise in the number of OCSRF protection compared to the past scale analyses and yet over 25% of sites are exploitable to at least one proposed attack strategy. Despite a standard countermeasure exists to mitigate the OCSRF, our study shows that lack of awareness about implementation mistakes is an important reason for a significant number of vulnerable sites." @default.
• W4288045344 created "2022-07-27" @default.
• W4288045344 creator A5028912196 @default.
• W4288045344 creator A5076845058 @default.
• W4288045344 creator A5084790583 @default.
• W4288045344 date "2022-10-01" @default.
• W4288045344 modified "2023-09-27" @default.
• W4288045344 title "Practical attacks on Login CSRF in OAuth" @default.
• W4288045344 cites W1785797725 @default.
• W4288045344 doi "https://doi.org/10.1016/j.cose.2022.102859" @default.
• W4288045344 hasPublicationYear "2022" @default.
• W4288045344 type Work @default.
• W4288045344 citedByCount "0" @default.
• W4288045344 crossrefType "journal-article" @default.
• W4288045344 hasAuthorship W4288045344A5028912196 @default.
• W4288045344 hasAuthorship W4288045344A5076845058 @default.
• W4288045344 hasAuthorship W4288045344A5084790583 @default.
• W4288045344 hasConcept C113324615 @default.
• W4288045344 hasConcept C38652104 @default.
• W4288045344 hasConcept C41008148 @default.
• W4288045344 hasConceptScore W4288045344C113324615 @default.
• W4288045344 hasConceptScore W4288045344C38652104 @default.
• W4288045344 hasConceptScore W4288045344C41008148 @default.
• W4288045344 hasLocation W42880453441 @default.
• W4288045344 hasOpenAccess W4288045344 @default.
• W4288045344 hasPrimaryLocation W42880453441 @default.
• W4288045344 hasRelatedWork W2086663091 @default.
• W4288045344 hasRelatedWork W2182003324 @default.
• W4288045344 hasRelatedWork W2186671259 @default.
• W4288045344 hasRelatedWork W2343700560 @default.
• W4288045344 hasRelatedWork W2556693741 @default.
• W4288045344 hasRelatedWork W2610588707 @default.
• W4288045344 hasRelatedWork W3034738955 @default.
• W4288045344 hasRelatedWork W3200018670 @default.
• W4288045344 hasRelatedWork W1578661253 @default.
• W4288045344 hasRelatedWork W2186024438 @default.
• W4288045344 hasVolume "121" @default.
• W4288045344 isParatext "false" @default.
• W4288045344 isRetracted "false" @default.
• W4288045344 workType "article" @default.