{"title":"Web Cryptography API: Prevalence and Possible Developer Mistakes","authors":"Pascal Wichmann, M. Blochberger, H. Federrath","doi":"10.1145/3538969.3538977","DOIUrl":null,"url":null,"abstract":"In this paper, we analyze mistakes that web developers can make when using the Web Cryptography API. We evaluate the impact of the uncovered mistakes and discuss how they can be prevented. Furthermore, we derive best practices from these mistakes to provide guidance to developers. To assess the relevance of the Web Cryptography API, we empirically evaluate how prevalently it is used by popular web applications on the Internet and in GitHub repositories, finding that only a small proportion of web applications use it. The most widely used operation by far is the generation of cryptographically secure random values, which was not possible in browser-based JavaScript prior to the Web Cryptography API.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 17th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3538969.3538977","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Web Cryptography API: Prevalence and Possible Developer Mistakes
In this paper, we analyze mistakes that web developers can make when using the Web Cryptography API. We evaluate the impact of the uncovered mistakes and discuss how they can be prevented. Furthermore, we derive best practices from these mistakes to provide guidance to developers. To assess the relevance of the Web Cryptography API, we empirically evaluate how prevalently it is used by popular web applications on the Internet and in GitHub repositories, finding that only a small proportion of web applications use it. The most widely used operation by far is the generation of cryptographically secure random values, which was not possible in browser-based JavaScript prior to the Web Cryptography API.