We conduct a security analysis of five popular web-based password managers. Unlike
“local” password managers, web-based password managers run in the browser. We identify …

Web applications rely on servers to store and process confidential information. However,
anyone who gains access to the server (eg, an attacker, a curious administrator, or a …

We develop a systematic approach for analyzing client-server applications that aim to hide
sensitive user data from untrusted servers. We then apply it to Mylar, a framework that uses …

Third-party libraries ease the development of large-scale software systems. However,
libraries often execute with significantly more privilege than needed to complete their task …

The co-existence of critical and non-critical applications on computing devices, such as
mobile phones, is becoming commonplace. The sensitive segments of a critical application …

The postMessage mechanism in HTML5 enables Web content from different origins to
communicate with each other, thus relaxing the same origin policy. It is especially popular in …

JavaScript's flexible semantics makes writing correct code hard and writing secure code
extremely difficult. To address the former problem, various forms of gradual ty** have …

Web applications are constantly under attack. They are popular, typically accessible from
anywhere on the Internet, and they can be abused as malware delivery systems. Cross-site …

HTML5-based mobile applications are becoming more and more popular because they can
run on different platforms. Several newly introduced mobile OS natively support HTML5 …

We present new attacks and robust countermeasures for security-sensitive components,
such as single sign-on APIs and client-side cryptographic libraries, that need to be safely …