WEB APPLICATION SECURITY - CROSS-SITE REQUEST FORGERY ATTACKS
Journal Title: International Journal of Computer Science & Engineering Technology - Year 2013, Vol 4, Issue 8
Abstract
Cross-Site Request Forgery (CSRF) is an attack listed in the OWASP Top 10 in which a malicious website sends a request, from a different site, to a web application that the user is already authenticated against. In this way an attacker can reach functionality in the target web application through the victim's already authenticated browser. Targets include social media sites, in-browser email clients, online banking, and the web interfaces of network devices. Because the browser holds the valid session information attached to each request, the browser is the first place to look for attack symptoms and to take action. Current client-side detection methods allow requests to a trusted website from whitelisted third-party websites. These approaches are not effective if the policies are specified incorrectly, and they neither cover all requests nor cross-check the content type of the response. To overcome these limitations, we introduce a client-side detection mechanism for the CSRF attack. Our approach relies on a unique CSRF token that changes for each and every request; the token is produced by a unique number generator. We then match the token against the user's session data and invalidate it when we find a match, or when no token is present at all. This makes each token usable only once, which protects against repeated attacks. Moreover, to counter an attacker's attempt to circumvent form visibility checking, we compare the response content type of a suspected request with the expected content type. The approach detects CSRF attacks through HTML form submissions and through other sources of requests that might retrieve or modify program state, and it is compatible with the latest versions of popular browsers such as IE, Firefox, and Chrome.
Because the proposed approach checks every request that might change program state and is compatible with popular browsers, it can reduce CSRF attacks by detecting a significant number of attack requests; our evaluation results indicate that it detects most of the common forms of CSRF attack.
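The abstract describes three checks: a token unique to each request, invalidation of the token on first use (so a replayed or missing token is rejected), and a comparison of the response content type against the one the request was expected to produce. The following Python is an added illustration of those three checks, not code from the paper or its authors; the `Session` record, the in-memory token list, the per-session cap, and the `handle_state_change` handler are assumptions made for the example, and the form submissions it processes are constructed inline.

```python
import hmac
import secrets
from dataclasses import dataclass, field

TOKEN_BYTES = 32        # 256 bits of entropy per token (assumed size)
MAX_LIVE_TOKENS = 16    # assumed cap: limits how many unused tokens one session may hold


@dataclass
class Session:
    """Hypothetical server-side session record.
    `tokens` holds the single-use CSRF tokens issued to this session but not yet consumed."""
    user: str
    tokens: list = field(default_factory=list)


def issue_token(session: Session) -> str:
    """Mint a fresh, unpredictable token for one form render and remember it in the session.
    A new token per request is what makes each one usable only once."""
    token = secrets.token_urlsafe(TOKEN_BYTES)
    session.tokens.append(token)
    if len(session.tokens) > MAX_LIVE_TOKENS:
        session.tokens.pop(0)  # forget the oldest outstanding token
    return token


def validate_and_consume(session: Session, submitted) -> tuple:
    """Reject a missing token, reject a token that is not in the session
    (forged or already used), and invalidate a matching token on first use."""
    if not submitted:
        return False, "missing token"
    for index, token in enumerate(session.tokens):
        # constant-time comparison so token bytes do not leak through timing
        if hmac.compare_digest(token, submitted):
            del session.tokens[index]  # consumed: a replay of the same token now fails
            return True, "ok"
    return False, "unknown or already used token"


def media_type(value: str) -> str:
    """Strip parameters such as '; charset=utf-8' and normalise case."""
    return value.split(";", 1)[0].strip().lower()


def response_type_matches(expected: str, actual: str) -> bool:
    """A form submission that answers with an unexpected media type is treated as suspect."""
    return media_type(expected) == media_type(actual)


def handle_state_change(session: Session, form: dict,
                        response_content_type: str, expected: str = "text/html") -> dict:
    """Gate a state-changing request behind the token check and the content-type check.
    Returns a small result record instead of a framework response object."""
    ok, reason = validate_and_consume(session, form.get("csrf_token"))
    if not ok:
        return {"status": 403, "reason": reason}
    if not response_type_matches(expected, response_content_type):
        return {"status": 403, "reason": "unexpected response content type"}
    return {"status": 200, "reason": "state changed"}


def demo() -> tuple:
    """Constructed scenario: one legitimate submission, one replay of the same token,
    and one cross-site request that carries no token at all."""
    session = Session(user="alice")
    token = issue_token(session)
    first = handle_state_change(session, {"csrf_token": token}, "text/html; charset=utf-8")
    replay = handle_state_change(session, {"csrf_token": token}, "text/html")
    forged = handle_state_change(session, {}, "text/html")
    return first, replay, forged


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The token list is kept in the server-side session rather than in a cookie so that the browser alone cannot mint a token the server will accept; the content-type check is deliberately applied only after the token check succeeds, so a request that fails the token check never reaches application logic at all.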
Authors and Affiliations
RadhaRani Sankuru , MadhuBabu Janjanam