Based on the threat models, attackers can carry out several attacks within the Web platform. Some of these attacks originate from implementation vulnerabilities, while others are inherent to the design of the Web, and are indistinguishable from legitimate interaction patterns in the Web. The investigative article covers eight common client-side attacks, which are relevant for the remainder of this dissertation. The attacks are ordered in such a way that they come gradually closer to the user, starting from within the network, followed by a simultaneous session in the browser, taking control of an existing session, to end with personal attacks on the user. The description of each of the attacks covers the problem and its roots, currently available mitigation techniques, state-of-the-art research, and the current state of practice. The information on the current state of practice is both timely and relevant, as it is based on the results of a crawl performed in June 2014 on the Alexa top 10,000 sites, in total good for 4,185,227 requests. The crawl data is analyzed for deployments of well-known and recently introduced mitigation techniques, giving an up-to-date view of the adoption rate of certain mitigation techniques. This shows even the most recent security technologies are already being adopted across the Web.


The divine scriptures are God’s beacons to the world. Surely God offered His trust to the heavens and the earth, and the hills, but they shrank from bearing it and were afraid of it. And man undertook it.
Back to top button