As the Internet has transformed into a critical infrastructure, society has become more
vulnerable to its security flaws. Despite substantial efforts to address many of these …

Cybersecurity assessments are critical for ensuring that security measures in organizational
infrastructures, systems, and applications meet necessary requirements. Given the …

Virtually every connection to an Internet service is preceded by a DNS lookup which is
performed without any traffic-level protection, thus enabling manipulation, redirection …

The potential development of large-scale quantum computers is raising concerns among IT
and security research professionals due to their ability to solve (elliptic curve) discrete …

Consumer IoT devices are becoming increasingly popular, with most leveraging TLS to
provide connection security. In this work, we study a large number of TLS-enabled consumer …

In this paper, we focus on authentication and authorization flaws in web apps that enable
partial or full access to user accounts. Specifically, we develop a novel fully automated black …

Transport Layer Security (TLS) 1.3 is a redesign of the Web's most important security
protocol. It was standardized in August 2018 after a four year-long, unprecedented design …

After nearly five years and 34 draft versions, standardization of the new connection oriented
transport protocol QUIC was finalized in May 2021. Designed as a fundamental network …

The advances in quantum computing present a threat to public key primitives due to their
ability to solve hard cryptographic problems in polynomial time. To address this threat to …

Many websites rely on third parties for services (eg, DNS, CDN, etc.). However, it also
exposes them to shared risks from attacks (eg, Mirai DDoS attack [24]) or cascading failures …