A web mashup is a web application that integrates content from different providers to create a new service, not offered by the content providers. As mashups grow in popularity, ...
Unrestricted information flows are a key security weakness of current web design. Cross-site scripting, cross-site request forgery, and other attacks typically require that inform...
Terri Oda, Glenn Wurster, Paul C. van Oorschot, An...
Many requests that a Web browser makes are not made to the primary site a user is visiting. It is common for websites to instruct browsers to make additional requests to third-part...
Many web sites embed third-party content in frames, relying on the browser's security policy to protect them from malicious content. Frames, however, are often insufficient i...
We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharming works by hijacking DNS and sending the victim’s browser malicious Javascrip...
Chris Karlof, Umesh Shankar, J. Doug Tygar, David ...