Web Caching Security 2022 - The world today is driving towards connections via the internet rather than social interaction. Hence modern-day businesses have a compelling need to update themselves and make their brand heard across the world. One of the most popular and recognized approaches is to develop a web application which acts as the face of their company over the Internet. This paper presents the development of a Content Management System designed for a start-up that provides fitness sessions to people across the world. The CMS comprises various modules such as user management, individual sessions handling, group sessions handling, course management along with functions including multi-currency and multi-time zone support, telecommunication interfacing, notification system and payment gateway integration. This paper also discusses the security and caching mechanisms used to improve the security and the scalability of the proposed CMS. The application is designed to overcome the geographical barrier by handling currencies and timezones based on the locality of the user and incorporates a reliable payment and business communication platform. The technological stack includes Dynamic HTML for frontend, Django framework for backend, PostgreSQL and Redis for database management along with Celery task queues, deployed using Docker.
Authored by A Adarsh, Saran Karthik, S Aswath, Akash Sampath, S Pasupathy, S Umamaheshwari
Web Caching Security 2022 - Today’s web applications feature the proliferation of third-party JavaScript inclusion, which incurs a range of security risks. Although attack strategies by manipulating third-party JavaScript files have been widely investigated, the adverse impact caused by third-party JavaScript inclusion and caching does not receive much attention. Specifically, when a malicious script is cached, it can revive and bite every time a user visits any website that includes it, leading to a much worse effect of the attack. In this paper, we present the first comprehensive study on Alexa top one million websites to investigate how likely third-party JavaScript inclusion and caching can make an attack large-scale and long-lasting, and further to uncover insecure practices that carelessly or inadvertently exacerbate the attack impact. We also discuss potential solutions to improve current practices to minimize the security risk associated with third-party JavaScript inclusion and caching.
Authored by Tao Hou, Shengping Bi, Mingkui Wei, Tao Wang, Zhuo Lu, Yao Liu