International Journal of Computer Network and Information Security (IJCNIS)
ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)
Published By: MECS Press
IJCNIS Vol.4, No.1, Feb. 2012
CSRF Vulnerabilities and Defensive Techniques
Full Text (PDF, 131KB), PP.31-37
Web applications are now part of day-to-day life, thanks to their user-friendly environment and to advances in technology that provide internet access. But these web applications have brought many threats with them, and these threats are continuously growing. One of these threats is Cross-Site Request Forgery (CSRF). CSRF has emerged as a serious threat to web applications; it is based on vulnerabilities present in the normal request-response pattern of the HTTP protocol. It is difficult to detect and hence is present in most existing web applications. A CSRF attack occurs when a malicious web site causes a user’s web browser to perform an unwanted action on a trusted site. It is listed in OWASP’s top ten web application attacks list. In this survey paper we study the CSRF attack, CSRF vulnerabilities and their defensive measures. We have compared various defense mechanisms to determine the best defense mechanism. This study will help us to build a strong and robust CSRF protection mechanism.
Cite This Paper
Rupali D. Kombade, B.B. Meshram, "CSRF Vulnerabilities and Defensive Techniques", IJCNIS, vol. 4, no. 1, pp. 31-37, 2012.