Abstract

HTTP Strict Transport Security (HSTS) and HTTP Public Key Pinning (HPKP) are two protocols aimed at enforcing HTTPS connections and allowing certificate pinning over HTTP. Together, these recent protocols improve and strengthen HTTPS security in general, adding an additional layer of trust and verification. In addition, they help ensure that the connection is always encrypted and correctly authenticated. However, while any protocol that is not yet completely settled is being adopted and implemented, there is a risk of introducing new weaknesses, opportunities or attack scenarios. Even when these protocols are implemented, bad practices prevent them from actually providing the additional security they are expected to provide. In this study, the authors review not just the quantity but the quality (according to several criteria) of the implementation in both servers and the most popular browsers, and report on some possible attack scenarios that the authors have discovered.
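As an added illustration of what "quality of implementation" can mean for these two headers (this is example code, not the paper's own tooling or its exact criteria), the following checker parses Strict-Transport-Security and Public-Key-Pins header values and flags configurations that are syntactically present but weak. The criteria are assumptions drawn from RFC 6797, RFC 7469 and the public preload-list requirements: a max-age of at least one year, includeSubDomains set, preload only when its prerequisites are met, and at least two valid SHA-256 pins (a live pin plus a backup) for HPKP. The sample header values are constructed for the example.

```python
import base64
import binascii

ONE_YEAR = 365 * 24 * 3600  # 31536000 s, the usual preload-list minimum (assumption)


def parse_directives(header):
    """Split a ';'-separated header value into (key, value) pairs.

    Keys are lower-cased; bare tokens such as includeSubDomains map to True.
    Repeated keys (pin-sha256) are collected into a list.
    """
    result = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            key, value = part.split("=", 1)
            key, value = key.strip().lower(), value.strip().strip('"')
        else:
            key, value = part.lower(), True
        if key == "pin-sha256":
            result.setdefault(key, []).append(value)
        else:
            result[key] = value
    return result


def parse_max_age(directives):
    """Return max-age as an int, or None when missing or malformed."""
    raw = directives.get("max-age")
    if not isinstance(raw, str) or not raw.isdigit():
        return None
    return int(raw)


def assess_hsts(header):
    """Return a list of weaknesses found in an HSTS header value (empty = good)."""
    if header is None:
        return ["HSTS header absent"]
    d = parse_directives(header)
    max_age = parse_max_age(d)
    if max_age is None:
        return ["max-age missing or malformed; browsers ignore the header"]
    findings = []
    if max_age == 0:
        findings.append("max-age=0 clears the policy instead of enforcing it")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age={max_age} is below one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains stay unprotected")
    if "preload" in d and ("includesubdomains" not in d or max_age < ONE_YEAR):
        findings.append("preload requested but preload prerequisites are not met")
    return findings


def valid_pin(pin):
    """A pin-sha256 value must be base64 of exactly 32 bytes (a SHA-256 digest)."""
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def assess_hpkp(header):
    """Return a list of weaknesses found in an HPKP header value (empty = good)."""
    if header is None:
        return ["HPKP header absent"]
    d = parse_directives(header)
    findings = []
    if parse_max_age(d) is None:
        findings.append("max-age missing or malformed; browsers ignore the header")
    pins = d.get("pin-sha256", [])
    good = [p for p in pins if valid_pin(p)]
    bad = len(pins) - len(good)
    if bad:
        findings.append(f"{bad} pin(s) are not base64-encoded SHA-256 digests")
    if len(good) < 2:
        findings.append("fewer than two valid pins: no backup pin, risk of self-lockout")
    return findings


# Constructed sample values (not taken from any real site).
PIN_A = base64.b64encode(b"A" * 32).decode()  # well-formed 32-byte digest
PIN_B = base64.b64encode(b"B" * 32).decode()

if __name__ == "__main__":
    print(assess_hsts("max-age=31536000; includeSubDomains; preload"))
    print(assess_hsts("max-age=300"))
    print(assess_hpkp(f'pin-sha256="{PIN_A}"; max-age=5184000'))
    print(assess_hpkp(f'pin-sha256="{PIN_A}"; pin-sha256="{PIN_B}"; max-age=5184000'))
```

Running the checker over the headers a server actually sends (for example, the values returned by a normal HTTPS request) separates "the header is present" from "the header provides the protection it is meant to", which is the distinction the abstract draws between quantity and quality.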
