Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
With software-as-a-service becoming mainstream,more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is split into browser-side and server-side components. A subset of the application’s internal information flows are inevitably exposed on the network.
This paper reports information leaks in several realworld web applications.
See also Side-Channel Attacks on Encrypted Web Traffic by Bruce Schneier