Alberto Carboneri
Vulnerability Analysis of Web Push Implementations in the Wild.
Supervisor: Cataldo Basile. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2023
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
Web push is a novel technology, supported by all major browsers, which has gained significant traction in the developer community thanks to its ability to engage users efficiently and anonymously. However, security researchers have yet to properly investigate the possible threats arising from its improper use. In this thesis, we explore the capabilities and features of web push, report common usage patterns found in the wild, including an analysis of the inner workings of most third-party providers, and present a security analysis of such implementations. We demonstrate a novel history-sniffing attack abusing a common implementation mistake, and a dangerous use case of the well-known CSRF vulnerability.
We conduct and show the results of the first large-scale measurement aimed at identifying the prevalence of this technology and the related vulnerabilities on the web.
