Analysis of the adoption of security headers in HTTP.

With the increase in the number of threats within Web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This paper analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. These options scanned for include: Content Security Policy (CSP); Public Key Pinning Extension for HTTP (HPKP); HTTP Strict Transport Security (HSTS) and HTTP Header Field X-Frame-Options (XFO), in order to understand the impact that these options have on the most popular Web sites.The results show that, while the implementation of the parameters are increasing, they are still not implemented on many of the top sites. Along with this the paper shows the profile of adoption of Let’s Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers

An analysis on the implementation of secure web-related protocols in portuguese city councils

The services supporting the websites, both public and private entities, may support security protocols such as HTTPS or DNSSEC. Public and private entities have a responsibility to ensure the security of their online platforms. Entities in the public domain such as city councils provide their services through their websites. However, each city council has its systems, configurations, and IT teams, and this means they have different standings regarding the security protocols supported. This paper analyzes the status of security protocols on Portuguese city council websites, specifically HTTPS and DNSSEC. The study evaluated 308 city council websites using a script developed for the research, and data was collected from the website of Direção Geral das Autarquias Locais (DGAL) on December 14, 2022, and the websites were scanned on December 22, 2022. The results of this assessment reveal that around 97% of city council websites use RSA as their encryption algorithm and around 84% use 2048-bit length keys for digital certificate signing. Furthermore, about 53% of the city council websites are still supporting outdated and potentially insecure SSL/TLS versions, and around 95% of the councils are not implementing DNSSEC in their domains. These results highlight potential areas for improvement in cybersecurity measures and can serve as a baseline to track progress toward improving cybersecurity maturity in Portuguese city councils.A41D-7428-BA6C | Jackson Barreto Costa JúniorN/

Reviewing effectivity in security approaches towards strengthening internet architecture

The usage of existing Internet architecture is shrouded by various security loopholes and hence is highly ineffective towards resisting potential threats over internet. Hence, it is claimed that future internet architecture has been evolved as a solution to address this security gaps of existing internet architecture. Therefore, this paper initiates its discussion by reviewing the existing practices of web security in conventional internet architecture and has also discussed about some recent solutions towards mitigating potentially reported threats e.g. cross-site scripting, SQL inject, and distributed denial-of-service. The paper has also discussed some of the recent research contribution towards security solution considering future internet architecture. The proposed manuscripts contributes to showcase the true effectiveness of existing approaches with respect to advantages and limitation of existing approaches along with explicit highlights of existing research problems that requires immediate attention

Measuring corporate digital divide through websites : insights from Italian firms

Published online: 30 July 2024With the increasing pervasiveness of Information and Communication Technology (ICT) in the fabric of economic activities, the corporate digital divide has become a crucial issue for the assessment of Information Technology (IT) competencies and the digital gap between firms and territories. With little granular data available to measure the phenomenon, most studies have used survey data. To address this empirical gap, we scanned the homepages of 182,705 Italian companies and extracted ten characteristics related to their digital footprint to develop a new index for the corporate digital assessment. Our results show a significant digital divide between Italian companies according to size, sector and geographical location, opening new perspectives for monitoring and data-driven analysis.This work was partially supported by the consortium Artes 4.0 - Advanced Robotics and Enabling Digital Technologies and Systems and the Department of Excellence “Economic and Digital Resilience (RED)” project of IMT Lucca