The most dangerous code in the world: validating SSL certificates in non-browser software

  title={The most dangerous code in the world: validating SSL certificates in non-browser software},
  author={Martin Georgiev and Subodh Iyengar and Suman Jana and Rishita Anubhai and Dan Boneh and Vitaly Shmatikov},
  booktitle={ACM Conference on Computer and Communications Security},
SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established. We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant… CONTINUE READING
Highly Influential
This paper has highly influenced 31 other papers. REVIEW HIGHLY INFLUENTIAL CITATIONS
Highly Cited
This paper has 347 citations. REVIEW CITATIONS
Related Discussions
This paper has been referenced on Twitter 4 times. VIEW TWEETS


Publications citing this paper.
Showing 1-10 of 218 extracted citations

Secure Coding Practices in Java: Challenges and Vulnerabilities

2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE) • 2018
View 9 Excerpts
Highly Influenced

Quantitative Evaluation of Systems

Lecture Notes in Computer Science • 2017
View 7 Excerpts
Highly Influenced

A security analysis of police computer systems

2016 14th Annual Conference on Privacy, Security and Trust (PST) • 2016
View 6 Excerpts
Highly Influenced

MUBench: A Benchmark for API-Misuse Detectors

2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR) • 2016
View 5 Excerpts
Highly Influenced

348 Citations

Citations per Year
Semantic Scholar estimates that this publication has 348 citations based on the available data.

See our FAQ for additional information.

Similar Papers

Loading similar papers…