The most dangerous code in the world: validating SSL certificates in non-browser software

@inproceedings{Georgiev2012TheMD,
  title={The most dangerous code in the world: validating SSL certificates in non-browser software},
  author={Martin Georgiev and Subodh Iyengar and Suman Jana and Rishita Anubhai and Dan Boneh and Vitaly Shmatikov},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2012}
}
SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established. We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant… CONTINUE READING

Citations

Publications citing this paper.
SHOWING 1-10 OF 281 CITATIONS

Secure data sharing by restricting user to one-time access

VIEW 19 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

AWorkbench to Analyze X . 509 in Applications

Adrian Reuter
  • 2017
VIEW 5 EXCERPTS
HIGHLY INFLUENCED

Quantitative Evaluation of Systems

  • Lecture Notes in Computer Science
  • 2017
VIEW 7 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Secure Coding Practices in Java: Challenges and Vulnerabilities

  • 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE)
  • 2017
VIEW 9 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

A security analysis of police computer systems

  • 2016 14th Annual Conference on Privacy, Security and Trust (PST)
  • 2016
VIEW 6 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

MUBench: A Benchmark for API-Misuse Detectors

  • 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR)
  • 2016
VIEW 5 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

Towards the Usability Evaluation of Security APIs

VIEW 8 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

FILTER CITATIONS BY YEAR

2012
2019

CITATION STATISTICS

  • 42 Highly Influenced Citations

  • Averaged 35 Citations per year from 2017 through 2019