Abstract

This paper presents a state of the art of cross-site request forgery (CSRF) attacks and new techniques which can be used by potential intruders to make them more effective. Several attack scenarios on widely used web applications are discussed, and a vulnerability which affect most recent browsers is explained. This vulnerability makes it possible to perform effective CSRF attacks using the XMLHTTPRequest object. In addition, this paper describes a new technique that preserves the malicious code on the target system even after the browser window is closed. Lastly, best solutions to prevent these attacks are discussed to enable everyone (users, browser or Web applications developers, professionals in charge of IT security in an organization or a company) to prevent or manage this threat.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Server Side Protection against Cross Site Request Forgery using CSRF Gateway
Jaya Gupta ... Suneeta Gola
Journal of Information Technology & Software Engineering | VOL. 6
Jaya Gupta, et. al.Jaya Gupta ... Suneeta Gola
01 Jan 2015
Membangun Keamanan Dari Serangan Cross-Site Request Forgery (CSRF)
...
-
, et. al. ...
01 Aug 2018
Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection
Ziqing Mao ... Ian Molloy
-
Ziqing Mao, et. al.Ziqing Mao ... Ian Molloy
01 Jan 2009
SECSIX: security engine for CSRF, SQL injection and XSS attacks
Bharti Nagpal ... Naresh Chauhan
International Journal of System Assurance Engineering and Management | VOL. 8
Bharti Nagpal, et. al.Bharti Nagpal ... Naresh Chauhan
28 May 2016
View more papers

More From: Journal in Computer Virology

Paper Title
Journal
Date
Author
Dronezilla: designing an accurate malware behavior retrieval system
Mihai Cimpoesu ... Claudiu Popa
Journal in Computer Virology | VOL. 8
Mihai Cimpoesu, et. al.Mihai Cimpoesu ... Claudiu Popa
04 Jul 2012
ECFGM: enriched control flow graph miner for unknown vicious infected code detection
Mojtaba Eskandari ... Sattar Hashemi
Journal in Computer Virology | VOL. 8
Mojtaba Eskandari, et. al.Mojtaba Eskandari ... Sattar Hashemi
19 Jun 2012
Anti-virtual machines and emulations
Anoirel Issa
Journal in Computer Virology | VOL. 8
Anoirel IssaAnoirel Issa
19 Jun 2012
A practical approach on clustering malicious PDF documents
Cristina Vatamanu ... Răzvan Benchea
Journal in Computer Virology | VOL. 8
Cristina Vatamanu, et. al.Cristina Vatamanu ... Răzvan Benchea
15 Jun 2012
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.