A Security-Oriented Analysis of Web Inclusions in the Italian Public Administration

posted Oct 15, 2018, 2:20 AM by Eric Medvet   [ updated Dec 4, 2018, 1:37 AM ]
Modern web sites serve content that browsers fetch automatically from a number of different web servers that may be placed anywhere in the world. Such content is essential for defining the appearance and behavior of a web site and is thus a potential target for attacks. Many public administrations offer services on the web, thus we have entered a world in which web sites of public interest are continuously and systematically depending on web servers that may be located anywhere in the world and are potentially under control of other governments. In this work we focus on these issues by investigating the content included by almost 10.000 web sites of the Italian Public Administration. We analyze the nature of such content, its quantity, its geographical location, the amount of dynamic variations over time. Our analyses demonstrate that the perimeter of trust of the Italian Public Administration collectively includes countries that are well beyond the control of the Italian government and provides several insights useful for implementing a centralized monitoring service aimed at detecting anomalies.
Eric Medvet,
Dec 4, 2018, 1:35 AM