Building a Robust Client-Side Protection Against Cross Site Request Forgery
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2015, Vol 6, Issue 6
Abstract
In recent years, the web has become an indispensable part of business all over the world, and web browsers have become the backbone of today's systems and applications. Unfortunately, the number of web application attacks has increased a great deal, so securing web applications is a matter of concern. One of the most serious cyber-attacks is cross-site request forgery (CSRF). CSRF has been recognized as one of the major threats to web applications and is among the top ten worst vulnerabilities for web applications. In a CSRF attack, an attacker is effectively authorized to take a sensitive action on a target website on behalf of a user without the user's knowledge. This paper gives an overview of the CSRF attack and describes the various possible attacks, the solutions developed so far, and the risks in current preventive techniques. It then proposes a highly effective protection mechanism against reflected CSRF called RCSR. RCSR is a tool that gives computer users full control over the attack. The RCSR tool relies on identifying the source of each HTTP request, that is, whether it comes from a different tab or from the same tab of a valid user. It observes and intercepts every request that passes through the user's browser, extracts the session information, and posts the extracted information to the server; the server then creates a token for the user's session. We tested the RCSR extension, and our evaluation results show that it works well and successfully protects web applications against reflected CSRF.
Authors and Affiliations
Abdalla AlAmeen