How does Academia fare in the realm of Web Security?

Literature Review

Cryptography Across Industry Sectors
Investigation into HTTPS and HTTP header adoption across industry sectors.
Used Alexa categories to identify industry sector.
Prof. Bill Buchanan OBE, Prof. Alan Woodward, Scott Helme

Our Key Findings

HTTPS
● Highest share of HTTPS adoption is 81% in the Adult industry section
● News and Recreation share lowest share at 8%

Cipher Suite
● ECDHE RSA w/ AES256 GCM SHA384 is the most popular across the majority of industry sectors

Certificate Authority
● COMODO, GoDaddy and Symantec take the podium across all industry sectors
● Let’s Encrypt appears in Top 10 for Adult and Games

TLS Version
● TLSv1.2 is overwhelmingly the most used version
● TLSv1.0 is most used in Recreation

HTTP Headers
● Highest share of HTTPS adoption is 81% in the Adult industry section

Web Server
● Apache was the most popular across all industry sectors

Industry sectors: Adult, Arts, Business, Computers, Games, Health, Home, Kids and Teens, News, Recreation, Reference, Regional, Science, Shopping, Society, Sports, World

Methodology

Ask a Friend
I managed to rope Lloyd into writing a scanner
● Written in Go
● Available upon request
● May need some tweaks

Creating a List of Academic Institutions
1. National Student Survey provides 438 institutions across UK.
2. Upon inspection of the dataset, numerous Scottish, Welsh and Northern Irish institutions are not included on the list. Adding these raised the total to 475.
3. College mergers! Go through college mergers which don’t have their own sites and add each of the individual colleges. Raises total to 490.

Results

Key Findings

HTTPS
● Of the 490 sites, 438 responded
● Out of these 438 sites only 303 had HTTPS redirects

Cipher Suite
● TLS ECDHE RSA w/ AES 256 CBC SHA is the most used cipher suite
● There were 251 unknown results

Certificate Authority
● QuoVadis is the most popular CA at 140 sites
● Let’s Encrypt was 2nd most popular at 51

TLS Version
● TLS 1.2 is the most popular TLS version at 292
● 10 sites are using TLS 1.0

HTTP Headers
● Total 420 HTTP headers across 438 websites
● X-Frame-Options is the most common at 133
● Only 16 sites have CSPs

Web Server
● Apache is by far the most popular web server used at 171 sites
● Followed by Nginx and then Microsoft IIS
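
The per-site fields tallied above (TLS version, cipher suite, certificate issuer, Server header, security headers) can all be read from a single HTTPS response in Go. This is an added example, not the scanner mentioned in the slides; `Inspect`, `SiteResult`, the header list and the constructed local test server are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// SiteResult holds the per-site fields the slides tally.
type SiteResult struct {
	TLSVersion, CipherSuite, Issuer, Server string
	Headers                                 map[string]bool // header name -> present?
}

// Assumed header list: the slides name only X-Frame-Options and CSP.
var securityHeaders = []string{"Content-Security-Policy", "X-Frame-Options",
	"Strict-Transport-Security", "X-Content-Type-Options"}

var tlsNames = map[uint16]string{tls.VersionTLS10: "TLS 1.0", tls.VersionTLS11: "TLS 1.1",
	tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3"}

// Inspect fetches url and records what was negotiated and which headers were sent.
func Inspect(c *http.Client, url string) (SiteResult, error) {
	resp, err := c.Get(url)
	if err != nil {
		return SiteResult{}, err
	}
	defer resp.Body.Close()
	r := SiteResult{Server: resp.Header.Get("Server"), Headers: map[string]bool{}}
	for _, h := range securityHeaders {
		r.Headers[h] = resp.Header.Get(h) != ""
	}
	if cs := resp.TLS; cs != nil { // nil when the response came over plain HTTP
		r.TLSVersion = tlsNames[cs.Version]
		r.CipherSuite = tls.CipherSuiteName(cs.CipherSuite)
		if len(cs.PeerCertificates) > 0 {
			r.Issuer = cs.PeerCertificates[0].Issuer.String()
		}
	}
	return r, nil
}

// newSampleServer is a constructed local HTTPS server standing in for a surveyed site.
func newSampleServer() *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Server", "sample-httpd")
		w.Header().Set("X-Frame-Options", "SAMEORIGIN")
	}))
	// Pin the handshake to TLS 1.2 with the suite the industry-sector slide names.
	srv.TLS = &tls.Config{MaxVersion: tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}}
	srv.StartTLS()
	return srv
}

func main() {
	srv := newSampleServer()
	defer srv.Close()
	res, err := Inspect(srv.Client(), srv.URL)
	fmt.Printf("%+v %v\n", res, err)
}
```

A site that fails the handshake or certificate check returns an error rather than a result, which is one way a survey ends up with "unknown" rows if errors are counted instead of dropped.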
Thanks!
Any questions?
thehairyj.github.com/websec
@TheHairyJ
@LloydLabs
Template: SlidesCarnival
