web security

OAuth 2.0 Redirect URI Validation Falls Short Literally

Tommaso Innocenti, Matteo Golinelli, Kaan Onarlioglu, Ali Mirheidari, Bruno Crispo, Engin Kirda

The Nonce-nce of Web Security: An Investigation of CSP Nonces Reuse

Content Security Policy (CSP) is an effective security mechanism that prevents the exploitation of Cross-Site Scripting (XSS) …

Matteo Golinelli, Francesco Bonomi, Bruno Crispo

Matteo Golinelli, Elham Arshad, Dmytro Kashchuk, Bruno Crispo

Web Cache Deception Escalates!

Web Cache Deception (WCD) tricks a web cache into erroneously storing sensitive content, thereby making it widely accessible on the …

Seyed Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda, Bruno Crispo