CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Cross Site Request Forgery: Preventive Measures

by Sentamilselvan. K, Lakshmana Pandian. S, Ramkumar. N
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 106 - Number 11
Year of Publication: 2014
Authors: Sentamilselvan. K, Lakshmana Pandian. S, Ramkumar. N
10.5120/18564-9808

Sentamilselvan. K, Lakshmana Pandian. S, Ramkumar. N . Cross Site Request Forgery: Preventive Measures. International Journal of Computer Applications. 106, 11 ( November 2014), 20-25. DOI=10.5120/18564-9808

@article{ 10.5120/18564-9808,
author = { Sentamilselvan. K, Lakshmana Pandian. S, Ramkumar. N },
title = { Cross Site Request Forgery: Preventive Measures },
journal = { International Journal of Computer Applications },
issue_date = { November 2014 },
volume = { 106 },
number = { 11 },
month = { November },
year = { 2014 },
issn = { 0975-8887 },
pages = { 20-25 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume106/number11/18564-9808/ },
doi = { 10.5120/18564-9808 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:39:08.381911+05:30
%A Sentamilselvan. K
%A Lakshmana Pandian. S
%A Ramkumar. N
%T Cross Site Request Forgery: Preventive Measures
%J International Journal of Computer Applications
%@ 0975-8887
%V 106
%N 11
%P 20-25
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cross Site Request Forgery is considered as one of top vulnerability in today's web, where an untrusted website can force the user browser to send the unauthorized valid request to the trusted site. Cross Site Request Forgery will let the integrity of the legitimate user. So far many solutions have been proposed for the CSRF attacks such as the referrer HTTP Header, Custom HTTP header, Origin Header, client site proxy, Browser plug-in and Random Token Validation. But existing solutions is not so immune as to avoid this attack. All the solutions are partially protected only. This paper focuses on describing the implementation of various possible cross site request forgery methods and describing the pitfalls in the various preventive techniques of cross site request forgery and so we suggested some defense mechanism to prevent this vulnerability.

References
  1. A. Barth, C. Jackson, and J. C. Mitchell. "Robust defenses For cross site request forgery". In Proc. ACM Conference on Computer and Communications Security (CCS), Oct, 2008.
  2. Cross-Site Request Forgery. www. owasp. org/index. php/CrossSite_Request_Forgery, May, 2009.
  3. J. Burns. Cross Site Reference Forgery: An introduction to A common web application weakness. http://www. isecpartners. com/documents/XSRF_Paper. pdf, 2005.
  4. M. Johns and J. Winter, "RequestRodeo: Client Side Protection against Session Riding," In Proc. of the OWASP Europe Conference, Leuven, Belgium, May 2006.
  5. Mohd. Shadab Siddiqui and Deepanker Verma,"Cross Site Request Forgery: A common web application weakness", IEEE Conference and white paper, 2011.
  6. Nenad Jovanovic, Engin Kirda, and Christopher Kruegel. "Preventing cross site request forgery attacks". In IEEE International Conference on Security and Privacy in Communication Networks (SecureComm), 2006.
  7. OWASP. Top ten most critical web application security vulnerabilities. https://www. owasp. org/index. php/Top_10_2013-Top_10. Forgeries. www. securityfocus. com/archive/1/19S90,2001.
  8. Ramarao R. Tool "preventing image based CSRF attacks". http://isea. nitk. ac. in/rod/csrf/PreventImageCSRF/. May, 2009.
  9. Sooel Son, "Prevent Cross site Request Forgery PCRF"userweb. cs. utexas. edu/~samuel/PCRF/Final_PCRF_paper. pdf.
  10. Tatiana Alexenko Mark Jenne suman Deb Roy and Wenjun Zeng," Cross-Site Request Forgery: Attack and Defense". In Proc. IEEE Communications Society (CCNC), 2010.
  11. W. Zeller and E. W. Felten, "Cross-Site Request Forgeries: Exploitation and Prevention," Technical Report, Princeton University, 2008.
  12. E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes, "A Client-Side Solution for Mitigating Cross Site Scripting Attacks", Proceedings of the 21st ACM Symposium on Applied Computing, 2006.
  13. Sapna Choudhary, Bhupendra Singh Thakur, "DES Encryption and Attack detection in Client-Server Communication", International Journal of Advanced Research in Computer Science and Software Engineering. Volume 4, Issue 3, March 2014.
  14. B. S. Y. Fung, "A Fine-Grained Defense Mechanism against general Request Forgery Attacks", In Proc. of IEEE/IFIP DSN Student Forum, 2011.
  15. Luis von Ahn, Nick Hopper Manuel Blum, and John Langford, "CAPTCHA: Using hard AI problems for security", In Eurocrypt 2003.
  16. Sentamilselvan K, S Lakshmana Pandian, Dr. K. Sathiyamurthy. "Survey on Cross Site Request Forgery. " IEEE International Conference on Research and Development Prospects on Engineering and Technology (IEEE ICRDPET-2013). Vol. 5. No. 5. IEEE, 2013.
  17. Sentamilselvan K, Prasath T. "A conceptual study of Cross Site Request Forgery with comprehensive scrutiny. " International Research Journal Of Sustainable Science & Engineering 1. ISSN: 2347-6176 Issue:1 (2014): 1-6.
Index Terms

Computer Science
Information Sciences

Keywords

Security threats Security breaches Browser security Forgery prevention Defense mechanisms Open web application security

Powered by PhDFocusTM