So if you are interested in the deployment roadblocks and strategies for Trusted Types, don't forget to drop by at the User Studies VII Session on Friday!
Conformal Prediction for predicting and prioritizing anti-cancer drug responses.
'Reliable anti-cancer drug sensitivity prediction and prioritization' Nature paper.
#conformalprediction
With the identified roadblocks and possible improvement suggestions for the mechanism, we hope to ease the deployment of Trusted Types for Web developers such that we might gain a mechanism that is both easy to use and secure! (follow-up work in progress)
Will Trusted Types end up like CSP?
In our new @USENIXSecurity paper, we conducted a study to uncover roadblocks and deployment strategies of Trusted Types.
Read our preprint here: https://t.co/D255YvoZgU
CC: @_lgroeber @cathykxx @kcotsneb @CISPA @SecPrivTUWien
The biggest roadblock seems to be the sanitization of JavaScript, as there is (currently) no proper way of doing so. Many ideas from the participants are bypassable. The only secure but hard-to-maintain solution would be hashes, but WebCrypto is not available in sync contexts.
It was one of the most informative and entertaining projects I ever had the opportunity to be part of. If you want to learn more about ethical and legal implications of server-side scans, read this. And if you ever get the chance to work with @fh4ntke, seize it!
Can server-side scanning research be legal and ethical? For our upcoming @IEEESSP paper "Where are the red lines?" we talked to experts on law and ethics, and web operators. We discussed challenges, solutions and various fictional research scenarios. https://t.co/cTjFfiVRRl
The next highlight at #RuhrSec 2023 ✨
"You Can't Always Get What You Want – How Web Sites (Often) Lack Consistent Protection"
by @s3br0th and @kcotsneb.
Conference program, more information and details on our website:
🌐 https://t.co/rmDsgb3WTl
#itsecurity #itsicherheit #cybersicherheit #conference #cybersecurity
#itsecurityconference #hacking #NRW #Bochum #ruhrsec
@kcotsneb @matteo_maffei Thanks for everything Ben! It was a wonderful journey and many awesome years at @CISPA with extremely nice colleagues! Thanks everyone!
Hey 👋 Are you responsible for a website as an operator, CISO, ..? What do you think about researchers hacking your website - OK or a no-go? Help us make security research more beneficial for operators! Learn more and sign up for an interview at https://t.co/UwUH9E8AMf. Retweet🙏
You are a Web developer, want to learn something new, and get 50€? We are conducting a study to understand the challenges of deploying a mechanism to defend against client-side XSS.
So, if you are interested, please visit https://t.co/8KphJfFqAd and/or share this invitation.
This security lottery not only affects the security of end-users, because attackers might choose to attack only the vulnerable population or succeed by pure chance due to randomness; it also sheds light on measurement inaccuracies that this randomness can cause.
Ever wondered if all clients get the same level of security?
In our newest @USENIXSecurity paper, we discovered that sometimes the configuration of security headers depends on client characteristics.
Read it here: https://t.co/tDIFqJP5O7
CC: @stecalzavara @kcotsneb @CISPA
With our analysis, we not only found Web applications that responded with seemingly random levels of protection, but we also have seen cases where we could deterministically get less protection based on our geolocation, language setting, or the browser that we used.