Client-Side Detection of Cross-Site Request Forgery Attacks
Journal of Information Technology & Software Engineering

Author(s): Hossain Shahriar, Mohammad Zulkernine

Abstract

Cross-Site Request Forgery (CSRF) allows an attacker to perform unauthorized activities without the knowledge of a user. An attack request takes advantage of the fact that a browser appends valid session information to each request. As a result, the browser is the first place to look for attack symptoms and take appropriate actions. Current browser-based detection methods are based on cross-origin policies that allow whitelisted third-party websites to perform requests to a trusted website. These approaches are not effective if policies are specified incorrectly. Moreover, they do not address the detection of stored CSRF attacks, where attack payloads reside in trusted web pages. To alleviate these limitations, we present a CSRF attack detection mechanism for the client side. Our approach relies on matching the parameters and values present in a suspected request against a form's input fields and values that are being displayed on a webpage (visibility). To overcome an attacker's attempt to circumvent form visibility checking, we compare the response content type of a suspected request with the expected content type. We have implemented a prototype plug-in tool for the Firefox browser and evaluated our approach on three real PHP programs vulnerable to CSRF attacks. We have also developed a benchmark test suite containing 134 test cases for emulating CSRF attack requests for the three programs. The evaluation results indicate that our approach can detect most of the common forms of reflected and stored CSRF attacks. Moreover, our approach can stop attack requests that include subsets of visible form fields and values.

This article was published in Software Reliability Engineering (ISSRE) and referenced in Journal of Information Technology & Software Engineering
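The two checks described in the abstract, form visibility matching followed by a content-type comparison, can be sketched as follows. This is an added illustration, not the authors' Firefox plug-in: the page model, the function names, and the way the expected content type is supplied are all assumptions, and the sample forms and requests are constructed.

```javascript
// Added illustration; not the authors' plug-in. All names are hypothetical.
// The page is modelled as plain objects so the check runs without a DOM.

// Constructed sample: forms present on the trusted page.
const pageForms = [
  { action: "/profile/update", visible: true,
    fields: { email: "alice@example.test", name: "Alice" } },
  { action: "/account/delete", visible: false,   // present in markup but not displayed
    fields: { confirm: "yes" } },
];

// True when the request's parameters are exactly the fields and values
// of one form that is currently displayed.
function matchesVisibleForm(request, forms) {
  return forms.some((form) => {
    if (!form.visible || form.action !== request.path) return false;
    const names = Object.keys(form.fields);
    // A subset (or superset) of the form's fields is not a match.
    if (names.length !== Object.keys(request.params).length) return false;
    return names.every((n) =>
      Object.prototype.hasOwnProperty.call(request.params, n) &&
      request.params[n] === form.fields[n]);
  });
}

// Second check: the response type must be what the requesting element expects.
// Assumption: the caller derives expectedType (e.g. "image/*" for an image load).
function contentTypeMatches(expectedType, responseType) {
  const actual = responseType.split(";")[0].trim().toLowerCase();
  const expected = expectedType.toLowerCase();
  return expected.endsWith("/*")
    ? actual.startsWith(expected.slice(0, -1))
    : actual === expected;
}

// Visibility check first; content type catches requests that pass it.
function classifyRequest(request, forms, expectedType, responseType) {
  if (!matchesVisibleForm(request, forms)) {
    return "suspected-csrf: no matching visible form";
  }
  if (!contentTypeMatches(expectedType, responseType)) {
    return "suspected-csrf: content type mismatch";
  }
  return "allowed";
}
```

A request carrying only `email` for `/profile/update` is flagged here because it is a strict subset of the displayed form, which corresponds to the last sentence of the abstract.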
