Study of Cross-Site Request Forgery on Web-Based Application: Exploitations and Preventions

Abstract

Cross-Site Request Forgery (CSRF) is a prominent web exploit that continues to pose significant security risks, even on highly ranked websites. This research focuses on identifying the underlying vulnerability, understanding the techniques employed, and proposing effective preventive measures. The hybrid method which is systematic report review method and lab-based scenarios method is conducted to identify CSRF exploitation and prevention mechanisms. Using a scenario-based testing approach, this study investigated the cause and effect of CSRF attacks, uncovering numerous techniques for exploiting this vulnerability. Based on the report review, 35 CSRF vulnerability reports from the Hacker one Bug Bounty Platform are analyzed. The result shows there is a lack of awareness and implementation of primary defenses, resulting in a high violation of end-user data integrity. The result also extensively describes some of the profound causes and effects of CSRF attacks and uncovers a broad range of techniques for exploiting this vulnerability. Furthermore, this study provides actionable recommendations to enhance system security and raise awareness among developers and users. The findings from this research serve as a valuable resource for improving security practices and mitigating CSRF attacks.