Poster: Security of Login Interfaces in Modern Organizations
Pages 4925 - 4927
Abstract
Login pages, including those for processes like sign-up, registration, and password recovery are interfaces that implement access control to company services or functionalities. Insufficient security on these pages could allow malicious individuals to gain access to services and network of an organization and launch attacks. In this work, we perform a comprehensive study of the security of 73.4k login interfaces of the 100-top European companies from the Fortune report, which we call EU100. We find over 9 million vulnerabilities, which we analyze from a technical perspective, and categorize them according to the hosting model. Our work provides details on the most commonly observed vulnerabilities on login pages across different sectors and according to the hosting strategy adopted by each company.
References
[1]
Suliman Alazmi and Daniel Conte De Leon. 2022. A Systematic Literature Review on the Characteristics and Effectiveness ofWeb Application Vulnerability Scanners. IEEE Access 10 (2022), 33200--33219. https://doi.org/10.1109/ACCESS.2022.3161522
[2]
Shayma Ahmed Altayaran and Wael Elmedany. 2021. Integrating Web Application Security Penetration Testing into the Software Development Life Cycle: A Systematic Literature Review. In 2021 International Conference on Data Analytics for Business and Industry (ICDABI). 671--676. https://doi.org/10.1109/ICDABI53623.2021.9655950
[3]
Zakir Durumeric, EricWustrow, and J Alex Halderman. 2013. ZMap: Fast Internetwide Scanning and Its Security Applications. In Usenix Security, Vol. 2013.
[4]
FindIP. 2024. Find IP API. https://findip.net/. (2024). Accessed: 2024-07--26.
[5]
Nethanel Gelernter, Haya Schulmann, and Michael Waidner. 2024. External Attack-Surface of Modern Organizations. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (ASIA CCS '24). Association for Computing Machinery, New York, NY, USA, 589--604. https://doi.org/10.1145/ 3634737.3656295
[6]
Craig Partridge and Mark Allman. 2016. Ethical considerations in network measurement papers. Commun. ACM 59, 10 (2016), 58--64.
[7]
Md. Asif Khan Rifat, Yeasmin Sultana, and B M Mainul Hossain. 2023. Vulnerabilities Assessment of Financial and Government Websites: A Developing Country Perspective. International Journal of Information Engineering and Electronic Business 15, 5 (2023), 42--53. https://doi.org/10.5815/ijieeb.2023.05.05
[8]
Report risk and confidence. 2024. Risk and Confidence HTML. https://www.zaproxy.org/docs/desktop/addons/report-generation/reportrisk- confidence/. (2024). Accessed: 2024-07--26.
[9]
ZAP. 2024. Zed Attack Proxy (ZAP). https://www.zaproxy.org/. (2024). Accessed: 2024-07--25.
Index Terms
- Poster: Security of Login Interfaces in Modern Organizations
Recommendations
External Attack-Surface of Modern Organizations
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications SecurityNavigating the maze of contemporary organizational attack surfaces is paramount in fortifying our defenses against the relentless tide of cyber incidents. However, existing network reconnaissance and security measurements, which enumerate IP addresses or ...
Comments
Information & Contributors
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Check for updates
Author Tags
Qualifiers
- Poster
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 63Total Downloads
- Downloads (Last 12 months)63
- Downloads (Last 6 weeks)63
Reflects downloads up to 03 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in