The University of Southampton
University of Southampton Institutional Repository

Failures of security APIs: A new case

Algwil, Abdalnaser and Yan, Jeff (2017) Failures of security APIs: A new case. Preneel, Bart and Grossklags, Jens (eds.) In Financial Cryptography and Data Security - 20th International Conference, FC 2016, Revised Selected Papers. vol. 9603 LNCS, Springer. pp. 283-298. (doi:10.1007/978-3-662-54970-4_17).

Record type: Conference or Workshop Item (Paper)

Abstract

We report novel API attacks on a Captcha web service, and discuss lessons that we have learned. In so doing, we expand the horizon of security APIs research by extending it to a new setting. We also show that system architecture analysis is useful both for identifying vulnerabilities in security APIs and for fixing them.

This record has no associated files available for download.

More information

Published date: 2017
Additional Information: Publisher Copyright: © International Financial Cryptography Association 2017.
Venue - Dates: 20th International Conference on Financial Cryptography and Data Security, FC 2016, Christ Church, Barbados, 2016-02-22 - 2016-02-26
Keywords: API attacks, Architecture analysis for security, Captcha, Web security

Identifiers

Local EPrints ID: 500867
URI: http://eprints.soton.ac.uk/id/eprint/500867
ISSN: 0302-9743
PURE UUID: e535ad49-8a24-4f83-95eb-cfef7f95e9f9

Catalogue record

Date deposited: 14 May 2025 16:51
Last modified: 14 May 2025 16:51

Contributors

Author: Abdalnaser Algwil
Author: Jeff Yan
Editor: Bart Preneel
Editor: Jens Grossklags