CFP last date
20 January 2025
Reseach Article

An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates

by Achin Kulshrestha
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 82 - Number 6
Year of Publication: 2013
Authors: Achin Kulshrestha
10.5120/14119-2221

Achin Kulshrestha . An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates. International Journal of Computer Applications. 82, 6 ( November 2013), 13-18. DOI=10.5120/14119-2221

@article{ 10.5120/14119-2221,
author = { Achin Kulshrestha },
title = { An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates },
journal = { International Journal of Computer Applications },
issue_date = { November 2013 },
volume = { 82 },
number = { 6 },
month = { November },
year = { 2013 },
issn = { 0975-8887 },
pages = { 13-18 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume82/number6/14119-2221/ },
doi = { 10.5120/14119-2221 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:57:03.919703+05:30
%A Achin Kulshrestha
%T An Empirical study of HTML5 Websockets and their Cross Browser behavior for Mixed Content and Untrusted Certificates
%J International Journal of Computer Applications
%@ 0975-8887
%V 82
%N 6
%P 13-18
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Websockets allow a full duplex connection to be made over a single socket between the client and the server. Today, Websockets is a finished standard and has greatly helped modern web applications to achieve real time communication without any overhead of sending HTTP headers with every request. This research provides an overview of the Websocket protocol and API, and focuses on the state of Websocket security. The research also aims to explicate behavior of different browser implementations of Websockets when delivering mixed content (ws/https) and the browser response when an untrusted certificate is encountered while making a secure Websocket connection. The crux of this paper is to analyze at the grassroots security concerns pertaining to Websockets and discuss best practices for secure deployment.

References
  1. I. Fette and A. Melnikov, 2011, The WebSocket Protocol RFC 6455 Websocket Specification, Internet Engg. Task Force, URL: http://tools. ietf. org/html/rfc6455
  2. Jussi-Pekka Erkkilä, The Websocket security analysis, Aalto University School of Science, 2012,URL "http://juerkkil. iki. fi/files/writings/Websocket2012. pdf",pp 2-3
  3. Adam Barth, Collin Jackson and John C. Mitchell, Robust Defenses for Cross-Site Request Forgery, CCS, 2008, pp 6-7
  4. Slowloris attack and tool, http://ckers. org/slowloris/
  5. Mike Shema, Using HTML5 Websockets Securely, URL "http://deadliestwebattacks. files. wordpress. com/2013/03/asec-f41-mike-shema. pdf", 2013
  6. The Web Socket API, W3c Working Draft http://dev. w3. org/html5/Websockets/#the-Websocket-interface, 2009
  7. Joel Weinberger, Adam Barth, Dawn Song, Towards Client-side HTML Security Policies URL "https://www. usenix. org/legacy/event/hotsec11/tech/final_files/Weinberger. pdf4", pp 3-4, CCS 2008
  8. Json. parse, msdn, http://msdn. microsoft. com/en-us/library/ie/cc836466(v=vs. 94). aspx.
  9. Websockets- HTML5 Security Cheat Sheet, URL https://www. owasp. org/index. php/HTML5_Security_Cheat_Sheet.
Index Terms

Computer Science
Information Sciences

Keywords

HTML5 HTTP Mixed Content Security Websockets.