Web Security

Hidden Web Caches Discovery
Hidden Web Caches Discovery

Jul 23, 2024

Can the Date Header Be Used to Detect Caching?

No. But actually, not really. Web Caches Let’s start with some background. Web caches are in-the-middle components physically located between a client and an origin web server. They are used to reduce the latency of HTTP requests by storing the responses of the server and serving them to the client when the same request is made again. Moreover, web caches are used to reduce the load on the origin web servers. Web caches can be placed anywhere in the path between the client and the origin web server. Content Delivery Networks (CDNs) are a type of web caches that is geographically distributed and are usually placed as close as possible to the client, reducing the latency of the requests.

Nov 15, 2023

OAuth 2.0 Redirect URI Validation Falls Short Literally

Sep 19, 2023

The Nonce-nce of Web Security: An Investigation of CSP Nonces Reuse
The Nonce-nce of Web Security: An Investigation of CSP Nonces Reuse

Aug 24, 2023

Mind the CORS
Mind the CORS

Aug 24, 2023

Web Cache Deception leads to Cache Poisoning
Web Cache Deception leads to Cache Poisoning

Web cache poisoning is an attack that allows an attacker to trick a web cache into storing malicious content (such as malicious JavaScript). This content is then served to all the unsuspecting users that request the poisoned URL 1.

Aug 20, 2023

Web Cache Deception Escalates!
Web Cache Deception Escalates!

Aug 10, 2022