{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:08:33Z","timestamp":1750306113475,"version":"3.41.0"},"publisher-location":"Republic and Canton of Geneva, Switzerland","reference-count":30,"publisher":"International World Wide Web Conferences Steering Committee","license":[{"start":{"date-parts":[[2017,4,3]],"date-time":"2017-04-03T00:00:00Z","timestamp":1491177600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Science and Technology of Taiwan","award":["MOST 105-2633-E-002- 001"],"award-info":[{"award-number":["MOST 105-2633-E-002- 001"]}]},{"name":"Intel Corporation"},{"name":"National Taiwan University","award":["NTU-105R104045"],"award-info":[{"award-number":["NTU-105R104045"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,4,3]]},"DOI":"10.1145\/3038912.3052698","type":"proceedings-article","created":{"date-parts":[[2017,4,6]],"date-time":"2017-04-06T13:30:38Z","timestamp":1491485438000},"page":"1491-1500","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Security Implications of Redirection Trail in Popular Websites Worldwide"],"prefix":"10.1145","author":[{"given":"Li","family":"Chang","sequence":"first","affiliation":[{"name":"ETH Z\u00fcrich, Zurich, Switzerland"}]},{"given":"Hsu-Chun","family":"Hsiao","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan Roc"}]},{"given":"Wei","family":"Jeng","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, PA, USA"}]},{"given":"Tiffany Hyun-Jin","family":"Kim","sequence":"additional","affiliation":[{"name":"HRL Laboratories, Malibu, CA, USA"}]},{"given":"Wei-Hsi","family":"Lin","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan Roc"}]}],"member":"320","published-online":{"date-parts":[[2017,4,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). https:\/\/cwe.mitre.org\/data\/definitions\/601.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Http archive. http:\/\/httparchive.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"HTTPS at Google. https:\/\/www.google.com\/transparencyreport\/https\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Https everywhere. https:\/\/www.eff.org\/Https-everywhere."},{"key":"e_1_3_2_1_5_1","unstructured":"Let's Encrypt. https:\/\/letsencrypt.org\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Pulse: How federal government domains are meeting best practices on the web. https:\/\/pulse.cio.gov\/."},{"key":"e_1_3_2_1_7_1","unstructured":"RFC6797 HTTP Strict Transport Security (HSTS). https:\/\/tools.ietf.org\/html\/rfc6797."},{"key":"e_1_3_2_1_8_1","unstructured":"Survey of the SSL implementation of the most popular web sites. https:\/\/www.trustworthyinternet.org\/ssl-pulse\/."},{"key":"e_1_3_2_1_9_1","unstructured":"The HTTPS-Only Standard. https:\/\/https.cio.gov\/hsts\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Upgrade Insecure Requests (W3C Candidate Recommendation). https:\/\/www.w3.org\/TR\/upgrade-insecure-requests."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488395"},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium","author":"Aviram N.","year":"2016","unstructured":"N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J. A. Halderman, V. Dukhovni, E. K\u00e4sper, S. Cohney, S. Engels, C. Paar, and Y. Shavitt. DROWN: Breaking TLS using SSLv2. In USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_16_1","volume-title":"ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium","author":"Durumeric Z.","year":"2013","unstructured":"Z. Durumeric, E. Wustrow, and J. A. Halderman. ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium, 2013."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2063176.2063197"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2014.86"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.13"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367569"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23162"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298318"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382267"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.12"},{"key":"e_1_3_2_1_26_1","volume-title":"BlackHat","author":"Marlinspike M.","year":"2009","unstructured":"M. Marlinspike. New Tricks for Defeating SSL in Practice. In BlackHat, 2009."},{"key":"e_1_3_2_1_27_1","volume-title":"USENIX Security","author":"Silver D.","year":"2014","unstructured":"D. Silver, S. Jana, E. Chen, C. Jackson, and D. Boneh. Password Managers: Attacks and Defenses. In USENIX Security, 2014."},{"key":"e_1_3_2_1_28_1","volume-title":"The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. In IEEE Symposium on Security and Privacy","author":"Sivakorn S.","year":"2016","unstructured":"S. Sivakorn, I. Polakis, and A. D. Keromytis. The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. In IEEE Symposium on Security and Privacy, 2016."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1952222.1952275"},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Security","author":"Zhou Y.","year":"2014","unstructured":"Y. Zhou and D. Evans. SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities. In USENIX Security, 2014."}],"event":{"name":"WWW '17: 26th International World Wide Web Conference","sponsor":["IW3C2 International World Wide Web Conference Committee","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Perth Australia","acronym":"WWW '17"},"container-title":["Proceedings of the 26th International Conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3038912.3052698","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3038912.3052698","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:36:29Z","timestamp":1750217789000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3038912.3052698"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,3]]},"references-count":30,"alternative-id":["10.1145\/3038912.3052698","10.5555\/3038912"],"URL":"https:\/\/doi.org\/10.1145\/3038912.3052698","relation":{},"subject":[],"published":{"date-parts":[[2017,4,3]]},"assertion":[{"value":"2017-04-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}