Akamai Diversity

Akamai Security Intelligence
& Threat Research

January 2020 Archives

Daniel Abeles

Daniel Abeles

January 20, 2020 9:00 AM

Abusing the Service Workers API

The Service Worker web API is a powerful new API for web browsers. During our research, we have found several ways attackers can leverage this API to enhance their low-to-medium risk findings into a powerful and meaningful attack. By abusing this API, an attacker can also leave his footprint in the victim's browser and potentially leak sensitive information. By the end of this post, you will have the basics

Akamai

Akamai

January 13, 2020 12:00 PM

HTTP Cache Poisoning Advisory

Summary On January 14, 2020, CERT CC published an advisory warning of the potential use of Content Delivery Networks (CDNs) to cache malicious traffic. Akamai acknowledges this issue and has been aware of similar research in the past. This advisory highlights a reflected XSS vulnerability in origin web applications that exists whether or not a CDN is involved, exacerbated by having responses cached. Site operators should be aware that HTTP