Abstract

E-Commerce and Social Media have become the new identity for millions of users across the globe. The ease of services for shopping, travel, Internet banking, social media, chat and collaboration apps has become part of one's life, and these identities carry names, media content, confidential notes, business projects and credit cards. Convenience and connections bring the ease of connectivity and services, but with them come concerns about unauthorized usage and fraudulent transactions that can lead to loss of money, time, emotions and even life. Web defacement, fake accounts, account hijacking, account lockout and unavailability of services have become common online news and a source of distress for many. Different web attacks and exploits have sprung up over time and are used for the different types of illegal actions performed online every day. Cross Site Request Forgery is one of the web top 10 exploited attacks of the past 5 years (source: OWASP); it maliciously exploits online services by having unauthorized actions performed by a fraudulent user on behalf of a trusted, authenticated account on a website. It forces the victim user to perform an unauthorized activity on behalf of the attacker's request. This research work focuses on a new hybrid strategy that enhances server-side protection against CSRF attacks. CSRF Gateway, the proposed solution, provides server-side protection against Cross Site Request Forgery (CSRF) attacks.

Highlights

  • Cross Site Request Forgery (CSRF) is also known as “Session Riding” or “One Click Attack”

  • In contrast to other well-known web security attacks such as Cross Site Scripting (XSS) or SQL Injection, Cross Site Request Forgery (CSRF) appears to be a problem that is less known to web developers [3]

  • In this paper, the proposed solution, called CSRF Gateway, provides server-side protection for most Open Source Web Applications

Summary

Introduction

Cross Site Request Forgery (CSRF) is also known as “Session Riding” or “One Click Attack”. It is a malicious-exploit type of attack against web application users. The first type is launched from a malicious site against a trusted website; here the attacker can only send HTTP requests to the authentic website and cannot obtain any secret information from it. The other type of CSRF attack is based on JavaScript and AJAX and is called the “Multi Stage CSRF attack”: it involves a malicious script that generates multiple HTTP requests and secretly sends them asynchronously in the background. In this paper, the proposed solution, called CSRF Gateway, provides server-side protection for most Open Source Web Applications. This solution is intended to demonstrate the working of CSRF attacks using different attack vectors on real-world examples. The demonstration of this gateway methodology will give a clear picture of the subject, so that the defensive mechanisms are better understood [4]
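As an added illustration of the kind of server-side check a gateway placed in front of the application can apply (example code written for this page, not the paper's CSRF Gateway implementation), the following Python functions reject state-changing requests whose Origin/Referer is not the trusted site or that do not echo the per-session token; both the single forged form post and the background AJAX requests of the multi-stage variant fail these checks because a page on another site cannot read the token. The names `issue_token`, `check_request` and the origin `https://shop.example` are assumptions.

```python
import hmac
import secrets
from typing import Mapping, Optional, Tuple
from urllib.parse import urlsplit

# Methods that may change server state and therefore need the CSRF checks.
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session: dict) -> str:
    """Create (once per session) the secret token that forms and AJAX
    calls must echo back; a page on another site cannot read it."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def same_site(origin_header: Optional[str], trusted: str) -> bool:
    """Compare scheme and host of the Origin/Referer with the trusted site."""
    if not origin_header:
        return False
    got, want = urlsplit(origin_header), urlsplit(trusted)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def check_request(method: str, headers: Mapping[str, str],
                  form: Mapping[str, str], session: dict,
                  trusted_origin: str) -> Tuple[bool, str]:
    """Gateway decision for one request, run before the handler: (allowed, reason)."""
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method"
    # Check 1: the browser-set Origin (or Referer) must name our own site;
    # a forged form post or background AJAX from another site fails here.
    origin = headers.get("Origin") or headers.get("Referer")
    if not same_site(origin, trusted_origin):
        return False, "cross-site origin"
    # Check 2: the request must carry the session's secret token, either as
    # a hidden form field or as a header set by the site's own JavaScript.
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not expected or not supplied:
        return False, "missing token"
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad token"
    return True, "ok"
```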

Related Work
Section A: Attack detection framework
Section B: Visibility checking
Section C: Content checking
Section D: Attack detection coverage and attribute checks
Pre- or post-rendering
Limiting the lifetime of authentication cookies
Force user to use your form
Proposed Methodology
Results and Conclusions
Future Work