Friday, May 22 • 14:30 - 15:15
Issues And Limitations Of Third Party Security Seals

In the current web of distrust, malware, and server compromises,
convincing an online consumer that a website is secure can make the
difference between a visitor and a buyer. Third-party security seals
position themselves as a solution to this problem, where a trusted
external company vouches for the security of a website, and communicates
it to visitors through a security seal.

In our research, we explore the ecosystem of third-party security seals
focusing on their security claims, in an attempt to quantify the
difference between the advertised guarantees of security seals and
reality. Through a series of automated and manual experiments, we
discover a real lack of thoroughness from the side of the seal
providers. Among other things, we show how seals can give more credence
to phishing attacks, and how the current architecture of third-party
security seals can be used as a completely passive vulnerability oracle,
allowing attackers to focus their energy on websites with known

Tom Van Goethem

imec-DistriNet - KU Leuven
Tom Van Goethem is a PhD student at the University of Leuven with a keen interest in web security and privacy. In his research, Tom likes performing large-scale security experiments, whether to analyze the presence of good and bad practices on the web, or to demystify security claims...

Friday May 22, 2015 14:30 - 15:15
Room E103 Amsterdam RAI