International Journal of Computer Trends and Technology

Research Article | Open Access

Volume 13 | Number 1 | Year 2014 | Article Id. IJCTT-V13P135 | DOI: https://doi.org/10.14445/22312803/IJCTT-V13P135

Vulnerabilities and Defensive Mechanism of CSRF


Purnima Khurana, Purnima Bindal

Citation:

Purnima Khurana, Purnima Bindal, "Vulnerabilities and Defensive Mechanism of CSRF," International Journal of Computer Trends and Technology (IJCTT), vol. 13, no. 1, pp. 171-174, 2014. Crossref, https://doi.org/10.14445/22312803/IJCTT-V13P135

Abstract

In today’s era, the internet and its applications make individuals’ day-to-day lives easier. As the use of technology increases, dependency on web applications also increases. But these web applications face some major threats, and one of them is CSRF (Cross-Site Request Forgery). CSRF is a common web application weakness. A cross-site request forgery attack occurs when a malicious web site causes a user’s web browser to perform an unwanted action on a trusted site. There are various possible vulnerabilities and defensive mechanisms for CSRF. CSRF flaws exist in web applications that have a predictable action structure and that use cookies, browser authentication or client-side certificates to authenticate users. This study will help to create awareness about the CSRF attack.

Keywords

Web Application, Vulnerability, Attacks, Defensive measures, Cross-Site Request Forgery
