Conference Venue: RAI Amsterdam, Europaplein 24, 1078 GZ Amsterdam, The Netherlands

Thursday, September 26 • 4:05pm - 4:50pm
Mobile-friendly or Attacker-friendly? A Large-scale Security Evaluation of Mobile-first Websites

In the last few years, traffic generated by mobile devices has surpassed desktop visits. In order to provide users with the best browsing experience, many website owners specifically tailor their site to mobile devices. While some websites make use of reactive designs, many others opt to create an entirely new "mobile-first" website, typically hosted on a different subdomain than the desktop site. These mobile-first sites provide a unique viewpoint on how organizations handle security: the mobile version of a site is typically developed several years after the desktop site by the same organization. Through a large-scale security analysis on 10,222 domains with both a desktop and mobile-first version, we find several strong indicators that security is generally applied consistently across the different parts of an organization's web estate. Overall, we find relatively few differences between the desktop and mobile versions of a website, both on the adoption and the implementation of security features, indicating that these are applied reactively rather than proactively during the design phase. Nevertheless, we discover that desktop users are unnecessarily facing threats from the mobile website, whereas mobile users are less exposed to vulnerabilities in the desktop site.

Tom Van Goethem

Tom is a Ph.D. researcher at the University of Leuven in Belgium. As part of his research, Tom is broadly interested in web security and privacy, and more specifically focuses on uncovering side-channel attacks in the web platform and large-scale security evaluations. As part of...

Thursday September 26, 2019 4:05pm - 4:50pm CEST