Web applications are targeted during cyber-attacks in order to get unauthorized access or manipulate sensitive data. Developers are expected to leverage secure coding best practices to protect their web applications. Over the last few years, browser vendors have integrated certain security header controls to support web application security. If these headers are enabled by developers, browsers check values of these header parameters and prevent certain attacks automatically. In this research, we analysed the existence of the common security headers within 8279 different URLs of 361 popular Turkish web portals from 18 different categories. The analysis results have shown that security headers are not utilized by most web developers and even critical web portals do not implement required security headers. This paper explains our contribution by providing the details of the HTTP Security headers, the attack types they can prevent, the analysis tool we have implemented and the analysis results.
HTTP Security Headers Web Security Cyber Security Analysis Large-scale Analysis.
Birincil Dil | İngilizce |
---|---|
Bölüm | Araştırma Makalesi |
Yazarlar | |
Yayımlanma Tarihi | 1 Aralık 2016 |
Yayımlandığı Sayı | Yıl 2016 Cilt: 5 Sayı: 4 |