Who: room EDIT 8103\
When: 9:30-10:30{{ page.date | date_to_long_string }}\
Where: room EDIT 8103 \
Title: {{ page.title }}
Abstract:\
In this talk, I will present two lines of research I am
currently pursuing. On the one hand, my work focusses on client-side Web
security. To better understand how the eco system evolved, we conducted
a historical study of the last 20 years of the Web using data from the
Internet Archive. Given that the Archive stores all client-side code as
well as relevant header information, this enabled us to analyze trends
over the last years, which allow us to draw conclusions on how future
security mechanisms should be implemented.
On the other hand, while as a community we have become very good at discovering vulnerabilities at scale (regardless of Web or network level flaws), informing the affected parties about the issues has only been treated as a side note in previous research. To understand how such notifications can be conducted at scale, we conducted an experiment in which we notified more than 44,000 vulnerable domains, using different communication channels. Our work shows that reaching administrators is the biggest roadblock to a successful notification. In my talk, I will also discuss some of the technical and human challenges we face when notifying at scale, moreover highlighting which of these areas require further research.
{: .t60 } {% include list-posts tag=‘csstalk’%}