Vulnerabilities and Defensive Mechanism of CSRF
Purnima Khurana, Purnima Bindal. "Vulnerabilities and Defensive Mechanism of CSRF". International Journal of Computer Trends and Technology (IJCTT) V13(4):171-174, July 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.
Abstract -
Today the internet and its applications support people in their day-to-day lives. As the use of technology increases, dependency on web applications also increases. These web applications face some major threats, and one of them is CSRF (Cross-Site Request Forgery), a common web application weakness. A Cross-Site Request Forgery attack occurs when a malicious web site causes a user's web browser to perform an unwanted action on a trusted site. There are various possible vulnerabilities and defensive mechanisms for CSRF. CSRF flaws exist in web applications that have a predictable action structure and that use cookies, browser authentication or client-side certificates to authenticate users. This study aims to create awareness of the CSRF attack.
Keywords
Web Application, Vulnerability, Attacks, Defensive measures, Cross-Site Request Forgery