Abstract
Cross-Site Request Forgery (CSRF) vulnerabilities are severe web vulnerabilities because they are extremely hard to notice and can cause heavy damage. However, they have received marginal attention from both academia and industry, and the detection of and protection against CSRF vulnerabilities are still performed predominantly manually. This paper proposes CSRFSolver for API-level CSRF detection and protection with two components: a CSRF detector and a CSRF defender. The former identifies and locates CSRF points, i.e. the places that need CSRF protection, and the latter provides CSRF protection by generating and verifying a CSRFToken. We evaluate the effectiveness and efficiency of CSRFSolver on Cisco Webex public URL APIs against the state-of-the-art method. The results indicate that CSRFSolver can effectively and efficiently protect the system from CSRF attacks and has no side effects on the system's functionality. Meanwhile, the practical usefulness of CSRFSolver has also been verified through four years of deployment in Cisco Webex.
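The abstract describes the two roles of CSRFSolver: a detector that locates CSRF points and a defender that issues and verifies a CSRFToken. The following Python is an added illustration of that split, not code from the paper or from Cisco Webex; the paper's own detection rules and token format are not given here, so the heuristic in `needs_csrf_protection` (unsafe method plus cookie-based authentication) and the token layout (`issued_at.nonce.HMAC`) are assumptions chosen to show the defensive mechanics: session binding, expiry and constant-time comparison.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server-side key, generated at import for this example. A deployment would
# load it from a key store; it is the secret that makes tokens unforgeable.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600

# --- CSRF detector (heuristic, assumed for illustration) --------------------
# HTTP methods that must not change state and therefore are not CSRF points.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def needs_csrf_protection(method: str, auth: str) -> bool:
    """Flag an API endpoint as a CSRF point.

    An endpoint is at risk when it changes state (unsafe method) and is
    authenticated by a credential the browser attaches automatically, such
    as a session cookie. Bearer tokens set by script are not sent cross-site
    by a forged form, so they are not flagged here.
    """
    return method.upper() not in SAFE_METHODS and auth == "cookie"


# --- CSRF defender -----------------------------------------------------------
def _mac(key: bytes, session_id: str, issued_at: int, nonce: str) -> str:
    msg = f"{session_id}|{issued_at}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def generate_csrf_token(session_id: str, key: bytes = SERVER_KEY,
                        now: Optional[int] = None) -> str:
    """Issue a token bound to the caller's session.

    Layout: "<issued_at>.<nonce>.<mac>" with mac = HMAC-SHA256 over the
    session id, issue time and nonce. Because the session id is inside the
    MAC, a token issued to one session does not verify for another.
    """
    issued_at = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    return f"{issued_at}.{nonce}.{_mac(key, session_id, issued_at, nonce)}"


def verify_csrf_token(token: str, session_id: str, key: bytes = SERVER_KEY,
                      now: Optional[int] = None) -> bool:
    """Check structure, expiry and MAC; reject anything that does not match."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[0].isdigit():
        return False
    issued_at, nonce, mac = int(parts[0]), parts[1], parts[2]
    current = int(time.time()) if now is None else now
    if issued_at > current or current - issued_at > TOKEN_TTL_SECONDS:
        return False
    expected = _mac(key, session_id, issued_at, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, mac)


def handle_request(request: dict, session_id: str,
                   now: Optional[int] = None) -> int:
    """Return an HTTP status for a constructed request dict.

    The detector decides whether the endpoint is a CSRF point; if it is, the
    defender requires a valid token in the X-CSRF-Token header.
    """
    if needs_csrf_protection(request["method"], request["auth"]):
        token = request.get("headers", {}).get("X-CSRF-Token", "")
        if not verify_csrf_token(token, session_id, now=now):
            return 403
    return 200


if __name__ == "__main__":
    # Constructed sample: a state-changing, cookie-authenticated API call.
    sid = "sess-A"
    tok = generate_csrf_token(sid)
    good = {"method": "POST", "auth": "cookie", "headers": {"X-CSRF-Token": tok}}
    forged = {"method": "POST", "auth": "cookie", "headers": {}}
    print("with token:", handle_request(good, sid))
    print("forged, no token:", handle_request(forged, sid))
```

Run as a script it prints 200 for the request carrying a valid token and 403 for the forged one. The detector is intentionally conservative: any unsafe method on a cookie-authenticated endpoint is reported as a CSRF point, which is the kind of location the paper's detector is described as finding, while the defender's token is what turns a located point into a protected one.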