Analysis of HTTP Security Headers in Turkey

Home Page
About
Submit A Journal
Submit A Conference
Submit Paper/Book
- Submit a Preprint
- Submit a Book
Contact

International Journal of Information Security Science
Volume:5 Issue:4
Analysis of HTTP Security Headers in Turkey

Analysis of HTTP Security Headers in Turkey

Authors : Koray Emre KISA, Emin İslam TATLI

Pages : 96-105

View : 40 | Download : 9

Publication Date : 2016-12-01

Article Type : Research Paper

Abstract :Web applications are targeted during cyber-attacks in order to get unauthorized access or manipulate sensitive data. Developers are expected to leverage secure coding best practices to protect their web applications. Over the last few years, browser vendors have integrated certain security header controls to support web application security. If these headers are enabled by developers, browsers check values of these header parameters and prevent certain attacks automatically. In this research, we analysed the existence of the common security headers within 8279 different URLs of 361 popular Turkish web portals from 18 different categories. The analysis results have shown that security headers are not utilized by most web developers and even critical web portals do not implement required security headers. This paper explains our contribution by providing the details of the HTTP Security headers, the attack types they can prevent, the analysis tool we have implemented and the analysis results.
Keywords : HTTP Security Headers, Web Security, Cyber Security Analysis, Large scale Analysis

ORIGINAL ARTICLE URL

* There may have been changes in the journal, article,conference, book, preprint etc. informations. Therefore, it would be appropriate to follow the information on the official page of the source. The information here is shared for informational purposes. IAD is not responsible for incorrect or missing information.