Insecure by Default? Authentication Services in Popular Web Frameworks
15 August 2016
Hannah Li presented a poster at the USENIX Security Symposium on how popular web frameworks perform authentication.
[Abstract (PDF)] [Poster (PDF)]
The work studies how different design choices made by web frameworks impact the security of web applications built by typical developers using those frameworks. The goal is to understand the usability and performance trade-offs that lead frameworks to adopt insecure defaults, and to develop alternatives that lead to better security without sacrificing the need for easy initial development and deployment.