

CISPA at USENIX 2022 – Thursday

Paper presentations with involvement by CISPA researchers, August 11

"The Security Lottery: Measuring Client-Side Web Security Inconsistencies"

In our work, we discovered that sometimes the configuration of security headers depends on client characteristics such as our geolocation, language setting, or the browser that we used. Also, we found Web applications that responded with seemingly random levels of protection. This security lottery does not only affect the security of end-users because attackers might choose only to attack the vulnerable population, or they succeed by pure chance due to randomness; it also sheds light on measurement inaccuracies that this randomness can cause.

Sebastian Roth, CISPA Helmholtz Center for Information Security; Stefano Calzavara, Università Ca' Foscari Venezia; Moritz Wilhelm, CISPA Helmholtz Center for Information Security; Alvise Rabitti, Università Ca' Foscari Venezia; Ben Stock, CISPA Helmholtz Center for Information Security
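
The two kinds of inconsistency the abstract describes (protection that varies with client characteristics, and protection that varies seemingly at random) can be told apart by repeating requests per client profile and comparing the security headers of the responses. The Python code below is an added example, not code from the paper or its authors; the header list, the profile labels, and the sample observations are constructed assumptions.

```python
from collections import defaultdict

# Headers compared here are an assumption; this page does not list
# which security headers the paper measured.
SECURITY_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-frame-options",
)

def fingerprint(headers):
    """Reduce one response to a comparable tuple of security-header values.
    Header names are case-insensitive; runs of whitespace are collapsed."""
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    return tuple(lowered.get(name) for name in SECURITY_HEADERS)

def classify(observations):
    """observations: iterable of (url, client_profile, response_headers).
    Returns {url: 'consistent' | 'client-dependent' | 'non-deterministic'}."""
    seen = defaultdict(lambda: defaultdict(set))
    for url, profile, headers in observations:
        seen[url][profile].add(fingerprint(headers))
    verdicts = {}
    for url, by_profile in seen.items():
        if any(len(fps) > 1 for fps in by_profile.values()):
            # The same client profile received different protection.
            verdicts[url] = "non-deterministic"
        elif len({next(iter(fps)) for fps in by_profile.values()}) > 1:
            # Stable per profile, but profiles disagree with each other.
            verdicts[url] = "client-dependent"
        else:
            verdicts[url] = "consistent"
    return verdicts

# Constructed observations: (url, "browser/language" profile, headers).
SAMPLE = [
    ("https://a.example", "chrome/en-US",
     {"Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY"}),
    ("https://a.example", "firefox/de-DE",
     {"content-security-policy": "default-src  'self'", "x-frame-options": "DENY"}),
    ("https://b.example", "chrome/en-US", {"X-Frame-Options": "DENY"}),
    ("https://b.example", "firefox/de-DE", {}),
    ("https://c.example", "chrome/en-US",
     {"Strict-Transport-Security": "max-age=31536000"}),
    ("https://c.example", "chrome/en-US", {}),
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLE).items():
        print(url, verdict)
```

A single request per profile cannot separate the two cases, so each profile needs repeated observations before a site is labelled client-dependent rather than non-deterministic.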

For further details