CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates

by Achin Kulshrestha
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 82 - Number 6
Year of Publication: 2013
Authors: Achin Kulshrestha
10.5120/14119-2221

Achin Kulshrestha . An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates. International Journal of Computer Applications. 82, 6 ( November 2013), 13-18. DOI=10.5120/14119-2221

@article{ 10.5120/14119-2221,
author = { Achin Kulshrestha },
title = { An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates },
journal = { International Journal of Computer Applications },
issue_date = { November 2013 },
volume = { 82 },
number = { 6 },
month = { November },
year = { 2013 },
issn = { 0975-8887 },
pages = { 13-18 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume82/number6/14119-2221/ },
doi = { 10.5120/14119-2221 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:57:03.919703+05:30
%A Achin Kulshrestha
%T An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates
%J International Journal of Computer Applications
%@ 0975-8887
%V 82
%N 6
%P 13-18
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Websockets allow a full duplex connection to be made over a single socket between the client and the server. Today, Websockets is a finished standard and has greatly helped modern web applications to achieve real time communication without any overhead of sending HTTP headers with every request. This research provides an overview of the Websocket protocol and API, and focuses on the state of Websocket security. The research also aims to explicate behavior of different browser implementations of Websockets when delivering mixed content (ws/https) and the browser response when an untrusted certificate is encountered while making a secure Websocket connection. The crux of this paper is to analyze at the grassroots security concerns pertaining to Websockets and discuss best practices for secure deployment.

References
  1. I. Fette and A. Melnikov, 2011, The WebSocket Protocol RFC 6455 Websocket Specification, Internet Engg. Task Force, URL: http://tools. ietf. org/html/rfc6455
  2. Jussi-Pekka Erkkilä, The Websocket security analysis, Aalto University School of Science, 2012,URL "http://juerkkil. iki. fi/files/writings/Websocket2012. pdf",pp 2-3
  3. Adam Barth, Collin Jackson and John C. Mitchell, Robust Defenses for Cross-Site Request Forgery, CCS, 2008, pp 6-7
  4. Slowloris attack and tool, http://ckers. org/slowloris/
  5. Mike Shema, Using HTML5 Websockets Securely, URL "http://deadliestwebattacks. files. wordpress. com/2013/03/asec-f41-mike-shema. pdf", 2013
  6. The Web Socket API, W3c Working Draft http://dev. w3. org/html5/Websockets/#the-Websocket-interface, 2009
  7. Joel Weinberger, Adam Barth, Dawn Song, Towards Client-side HTML Security Policies URL "https://www. usenix. org/legacy/event/hotsec11/tech/final_files/Weinberger. pdf4", pp 3-4, CCS 2008
  8. Json. parse, msdn, http://msdn. microsoft. com/en-us/library/ie/cc836466(v=vs. 94). aspx.
  9. Websockets- HTML5 Security Cheat Sheet, URL https://www. owasp. org/index. php/HTML5_Security_Cheat_Sheet.
Index Terms

Computer Science
Information Sciences

Keywords

HTML5 HTTP Mixed Content Security Websockets.

Powered by PhDFocusTM