A Methodology for Web Cache Deception Vulnerability Discovery

Filippo Berto, Francesco Minetti, Claudio Ardagna, Marco Anisetti

2024

Abstract

In recent years, the use of caching techniques in web applications has increased significantly, in line with their expanding user base. The logic of web caches is closely tied to the application logic, and misconfigurations can lead to security risks, including unauthorized access to private information and session hijacking. In this study, we examine Web Cache Deception as a technique for attacking web applications. We develop a solution for discovering vulnerabilities that expands upon and encompasses prior research in the field. We conducted an experimental evaluation of the attack’s efficacy against real-world targets, and present a new attack vector via web-client-based email services.


Paper Citation


in Harvard Style

Berto F., Minetti F., Ardagna C. and Anisetti M. (2024). A Methodology for Web Cache Deception Vulnerability Discovery. In Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER; ISBN 978-989-758-701-6, SciTePress, pages 231-238. DOI: 10.5220/0012692000003711


in Bibtex Style

@conference{closer24,
author={Filippo Berto and Francesco Minetti and Claudio Ardagna and Marco Anisetti},
title={A Methodology for Web Cache Deception Vulnerability Discovery},
booktitle={Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2024},
pages={231-238},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012692000003711},
isbn={978-989-758-701-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - A Methodology for Web Cache Deception Vulnerability Discovery
SN - 978-989-758-701-6
AU - Berto F.
AU - Minetti F.
AU - Ardagna C.
AU - Anisetti M.
PY - 2024
SP - 231
EP - 238
DO - 10.5220/0012692000003711
PB - SciTePress