In today’s age of state-of-the-art technology, vulnerabilities, threats, and cyber incidents have expanded consistently throughout these years since the Coronavirus Disease 2019 (COVID-19) spread in 2019. During this period, internet connection services are part of the critical components for individuals’ daily activities and organizations’ daily operations activities, especially the introduction of remote working policy and lockdown instructions from the respective countries for controlling the spread of the COVID-19 virus. Along with the growth of the adoption of Internet connection services, web applications are also increasingly being developed to fulfill the demand for managing daily activities and transactions online. The web application data transferring is mainly managed by the Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) platforms. HTTP was introduced before and later replaced by HTTPS due to a lack of security features. HTTP is vulnerable to the Man-in-the-Middle (MitM) attack, then, the HTTPS is implemented to countermeasure this issue. Despite that, the fusion attack which consists of MitM attack and a social engineering attack, especially for phishing attacks bypasses the security for HTTPS by degrading the HTTPS version into HTTP framework. The implementation of HTTP Strict Transport Security (HSTS) is being introduced to defend against the fusion attack types and prevent HTTPS from being degraded into the HTTP version. The effectiveness of HSTS is proven to defend against the fusion attack. However, other solution approaches such as the implementation of an Intrusion Detection System (IDS) and enforcement of the solid policies even strengthen the prevention procedures.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Effectiveness of HSTS and Alternative Strategies to Enhance Web Applications Security

  • Liew Han Hui,
  • Julia Juremi

摘要

In today’s age of state-of-the-art technology, vulnerabilities, threats, and cyber incidents have expanded consistently throughout these years since the Coronavirus Disease 2019 (COVID-19) spread in 2019. During this period, internet connection services are part of the critical components for individuals’ daily activities and organizations’ daily operations activities, especially the introduction of remote working policy and lockdown instructions from the respective countries for controlling the spread of the COVID-19 virus. Along with the growth of the adoption of Internet connection services, web applications are also increasingly being developed to fulfill the demand for managing daily activities and transactions online. The web application data transferring is mainly managed by the Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) platforms. HTTP was introduced before and later replaced by HTTPS due to a lack of security features. HTTP is vulnerable to the Man-in-the-Middle (MitM) attack, then, the HTTPS is implemented to countermeasure this issue. Despite that, the fusion attack which consists of MitM attack and a social engineering attack, especially for phishing attacks bypasses the security for HTTPS by degrading the HTTPS version into HTTP framework. The implementation of HTTP Strict Transport Security (HSTS) is being introduced to defend against the fusion attack types and prevent HTTPS from being degraded into the HTTP version. The effectiveness of HSTS is proven to defend against the fusion attack. However, other solution approaches such as the implementation of an Intrusion Detection System (IDS) and enforcement of the solid policies even strengthen the prevention procedures.