WEB APPLICATION SECURITY - CROSS-SITE REQUEST FORGERY ATTACKS
Journal Title: International Journal of Computer Science & Engineering Technology - Year 2013, Vol 4, Issue 8
Abstract
Cross-Site Request Forgery (CSRF) is an attack listed in the OWASP Top 10 in which a malicious website sends a request to a web application against which the user is already authenticated. In this way an attacker can access functionality in the target web application through the victim's already authenticated browser. Targets include web applications such as social media, in-browser email clients, online banking, and the web interfaces of network devices. Because the browser holds valid session information for each request, the browser is the first place to look for attack symptoms and to take action. Current client-side detection methods allow requests to a trusted website only from whitelisted third-party websites. These approaches are not effective if policies are specified incorrectly, and they neither cover all requests nor cross-check the response content type. To overcome these limitations, we introduce a client-side detection mechanism for the CSRF attack. Our approach relies on the concept of a unique CSRF token that changes for each and every request. The token is generated with a unique number generator. It is then matched against the token held in the user's session data and invalidated when a match is found or when no token is present at all, which makes each token single-use. This protects against repeated attacks. Moreover, to counter an attacker's attempt to circumvent form visibility checking, we compare the response content type of a suspected request with the expected content type. The current approach detects CSRF attacks carried out through HTML form submissions and through other sources of requests that might retrieve or modify program state, and it is compatible with the latest versions of popular browsers such as IE, Firefox, and Chrome.
Because the proposed approach checks all requests that might change program state and is compatible with popular browsers, it can reduce CSRF attacks by detecting a significant number of attack requests; accordingly, our evaluation results indicate that the approach detects most common forms of CSRF attack.
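The one-time token lifecycle the abstract describes (issue a fresh token per request, match it against session data, invalidate it on a match or when absent) together with the response content-type comparison, modelled as an added example in Python. This is illustrative code written for this page, not the authors' client-side implementation; the names CsrfGuard, handle_state_change and the constructed session ids are hypothetical.

```python
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple


class CsrfGuard:
    """Per-request, single-use CSRF tokens bound to a session (hypothetical helper)."""

    def __init__(self) -> None:
        # session_id -> outstanding (not yet used) tokens for that session
        self._sessions: Dict[str, Set[str]] = {}

    def issue_token(self, session_id: str) -> str:
        # A fresh unpredictable token for every request; tokens are never reused.
        token = secrets.token_urlsafe(32)
        self._sessions.setdefault(session_id, set()).add(token)
        return token

    def consume_token(self, session_id: str, token: Optional[str]) -> bool:
        """Return True exactly once for a valid token, then invalidate it."""
        if not token:
            return False  # no token at all: treat the request as forged
        outstanding = self._sessions.get(session_id, set())
        # Constant-time comparison against each outstanding token (avoids timing leaks).
        for candidate in list(outstanding):
            if hmac.compare_digest(candidate, token):
                outstanding.discard(candidate)  # used once, now invalid: replays fail
                return True
        return False  # unknown, already used, or from another session


def content_type_matches(expected: str, actual_header: str) -> bool:
    """Compare a response's Content-Type media type (parameters ignored) with the expected one."""
    media_type = actual_header.split(";", 1)[0].strip().lower()
    return media_type == expected.lower()


def handle_state_change(guard: CsrfGuard, session_id: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical state-changing endpoint: proceed only with a valid, unused token."""
    if not guard.consume_token(session_id, form.get("csrf_token")):
        return 403, "rejected"
    return 200, "state changed"


if __name__ == "__main__":
    guard = CsrfGuard()
    token = guard.issue_token("sess-1")  # constructed session id
    print(handle_state_change(guard, "sess-1", {"csrf_token": token}))  # (200, 'state changed')
    print(handle_state_change(guard, "sess-1", {"csrf_token": token}))  # (403, 'rejected'): replay
    print(content_type_matches("text/html", "text/html; charset=utf-8"))  # True
```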
Authors and Affiliations
RadhaRani Sankuru, MadhuBabu Janjanam