Building a Robust Client-Side Protection Against Cross Site Request Forgery
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2015, Vol 6, Issue 6
Abstract
In recent years, the web has become an indispensable part of business all over the world, and web browsers have become the backbone of today's systems and applications. Unfortunately, the number of web application attacks has increased a great deal, so securing web applications is a matter of concern. One of the most serious cyber-attacks is cross-site request forgery (CSRF). CSRF has been recognized among the major threats to web applications and among the top ten worst vulnerabilities for web applications. In a CSRF attack, an attacker takes the liberty of performing an authorized, sensitive action on a target website on behalf of a user without the user's knowledge. This paper provides an overview of the CSRF attack and describes the various possible attacks, the developed solutions, and the risks in the current preventive techniques. It then presents a highly effective protection mechanism against reflected CSRF called RCSR. RCSR is a tool that gives computer users full control over the attack. The RCSR tool relies on identifying the source of each HTTP request, whether it comes from a different tab or from the same tab of a valid user. It observes and intercepts every request that passes through the user's browser, extracts the session information, and posts the extracted information to the server; the server then creates a token for the user's session. We tested the RCSR extension, and our evaluation results show that it works well and successfully protects web applications against reflected CSRF.
Authors and Affiliations
Abdalla AlAmeen