To mitigate a myriad of Web attacks, modern browsers support client-side security policies
shipped through HTTP response headers. To enforce these defenses, the server needs to …

Over the last decade, web security research has used notification campaigns as a tool to
help web operators fix security problems or stop infrastructure abuse. First attempts at …

Sending forged emails by taking advantage of domain spoofing is a common technique
used by attackers. The lack of appropriate email anti-spoofing schemes or their …

IP spoofing, sending IP packets with a false source IP address, continues to be a primary
attack vector for large-scale Denial of Service attacks. To combat spoofing, various …

Growing recognition of the potential for exploitation of personal data and of the shortcomings
of prior privacy regimes has led to the passage of a multitude of new privacy regulations …

A safe and secure Domain Name System (DNS) is of paramount importance for the digital
economy and society. Malicious activities on the DNS, generally referred to as" DNS abuse" …

User deception in emails is still one of the biggest security risks companies and end-users
face alike. Attackers try to mislead their victims when assessing whether emails are …

Online advertising relies on a complex and opaque supply chain that involves multiple
stakeholders, including advertisers, publishers, and ad-networks, each with distinct and …

In efforts to understand the reasons behind Internet-connected devices remaining
vulnerable for a long time, previous literature analyzed the effectiveness of large-scale …

Clickbait PDFs, an entry point for multiple Web attacks, are distributed via SEO poisoning
and rank high in search results due to being massively uploaded on abused or …