A Methodology for Web Cache Deception Vulnerability discovery / F. Berto, F. Minetti, C.A. Ardagna, M. Anisetti - In: Proceedings of the 14th International Conference on Cloud Computing and Services Science CLOSER. 1 / [edited by] M. van Steen, C. Pahl. - [s.l] : SciTePress, 2024 May 02. - ISBN 978-989-758-701-6. - pp. 231-238 (Paper presented at the 14th CLOSER conference, held in Angers in 2024) [10.5220/0012692000003711].

A Methodology for Web Cache Deception Vulnerability discovery

F. Berto; C.A. Ardagna; M. Anisetti
2024

Abstract

In recent years, the use of caching techniques in web applications has increased significantly, in line with their expanding user base. The logic of web caches is closely tied to the application logic, and misconfigurations can lead to security risks, including the unauthorized access of private information and session hijacking. In this study, we examine Web Cache Deception as a technique for attacking web applications. We develop a solution for discovering vulnerabilities that expands upon and encompasses prior research in the field. We conducted an experimental evaluation of the attack's efficacy against real-world targets, and present a new attack vector via web-client-based email services.
Web Cache Deception; Web Cache; Web Security
Sector INF/01 - Computer Science
   MUSA - Multilayered Urban Sustainability Action
   MUSA
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA

   SEcurity and RIghts in the CyberSpace (SERICS)
   SERICS
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   identification code PE00000014

   Sovereign Edge-Hub: a cloud-edge architecture for digital sovereignty in the life sciences (SOV-EDGE-HUB) Strategic Line 4 - Cybersecurity/Cloud
   SOV-EDGE-HUB
   UNIVERSITA' DEGLI STUDI DI MILANO
2 May 2024
https://www.scitepress.org/Documents/2024/126920/
Book Part (author)
Files in this item:
File Size Format
CLOSER_2024_36_CR (1).pdf

open access

Type: Pre-print (manuscript submitted to the publisher)
Size 250.58 kB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/2434/1045070
Citations
  • PMC: not available
  • Scopus: 1
  • ISI: not available