Cross-Site Request Forgery (CSRF) is considered one of the top vulnerabilities in today's web: an untrusted website can make the user's browser send a valid but unauthorized request to a trusted site, which accepts it because the browser attaches the user's session cookie automatically. When CSRF takes place, legitimate users lose the integrity of their actions on the website. Many solutions have been proposed for CSRF attacks, such as checking the Referer HTTP header, requiring a custom HTTP header, checking the Origin header, a client-side proxy, a browser plug-in, and random token validation; in this research, random token validation was implemented. The proposed solution uses a nonce, a random and unpredictable token that the server issues and that must be attached to state-changing requests sent to it; a request whose token is missing or does not match the one the server issued is rejected. This solution proved effective at protecting web applications from CSRF attacks. Although no system can be made completely secure, this study recommends that the random token validation (nonce) approach be adopted by all web application developers and users, to complement the already established solutions and reduce the chance of attacks on web applications to a very slim percentage, if not eliminate it.
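The following is an added example, not code from the study, showing the nonce-based random token validation the abstract describes: the server mints an unguessable token, binds it to the user's session, and rejects any state-changing request that does not carry it. The handler names, the `Session` structure and the transfer scenario are assumptions for illustration; the forged request, the guessed token and the replay are constructed inputs.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session identified by the browser's session cookie (assumed)."""
    user: str
    balance: int = 100
    csrf_nonces: set = field(default_factory=set)


def issue_nonce(session: Session) -> str:
    """Mint an unguessable nonce, remember it in the session, and return it
    so the server can embed it in the form as a hidden field."""
    nonce = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    session.csrf_nonces.add(nonce)
    return nonce


def validate_nonce(session: Session, submitted) -> bool:
    """Accept only a nonce this session was issued; consume it on success.
    compare_digest avoids leaking the stored value through timing."""
    if not isinstance(submitted, str) or not submitted:
        return False
    matched = None
    for nonce in session.csrf_nonces:
        if hmac.compare_digest(nonce.encode(), submitted.encode()):
            matched = nonce
    if matched is None:
        return False
    session.csrf_nonces.discard(matched)   # single use: a replay fails
    return True


def transfer_unprotected(session: Session, form: dict) -> str:
    """'Before': trusts the session cookie alone, so a cross-site POST succeeds."""
    amount = int(form.get("amount", 0))
    session.balance -= amount
    return "ok"


def transfer_protected(session: Session, form: dict) -> str:
    """'After': same handler, but the request must carry a valid nonce."""
    if not validate_nonce(session, form.get("csrf_nonce")):
        return "403 forbidden: missing or invalid CSRF token"
    amount = int(form.get("amount", 0))
    session.balance -= amount
    return "ok"


def demo() -> dict:
    """Constructed scenario: one victim session, a forged POST from an
    untrusted site (cookie present, no nonce), then the legitimate flow."""
    victim = Session(user="alice")
    results = {}

    # Attacker-triggered POST: the browser attaches alice's cookie, but the
    # attacker's page never saw the nonce, so it cannot supply one.
    forged = {"amount": "40", "to": "mallory"}
    results["unprotected_forged"] = transfer_unprotected(victim, forged)
    balance_after_forgery = victim.balance
    results["protected_forged"] = transfer_protected(victim, forged)
    results["forgery_changed_balance"] = victim.balance != balance_after_forgery

    # Attacker guesses a token: a fresh 256-bit value will not match.
    guessed = dict(forged, csrf_nonce=secrets.token_urlsafe(32))
    results["protected_guessed"] = transfer_protected(victim, guessed)

    # Legitimate flow: server renders the form with the nonce, user submits it.
    nonce = issue_nonce(victim)
    legit = {"amount": "10", "to": "bob", "csrf_nonce": nonce}
    results["protected_legit"] = transfer_protected(victim, legit)

    # Replaying the same nonce (e.g. a captured form) is rejected.
    results["protected_replay"] = transfer_protected(victim, legit)

    # A nonce issued to another session is not valid for alice.
    other = Session(user="carol")
    results["cross_session"] = transfer_protected(
        victim, dict(legit, csrf_nonce=issue_nonce(other)))

    results["final_balance"] = victim.balance
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The protection works because the attacker's page cannot read the nonce out of the victim's form (the same-origin policy blocks that) and cannot guess a 256-bit random value, so the forged request fails the check even though the browser sent the session cookie. Single-use nonces, as shown here, defeat replay but break pages open in several tabs; many frameworks instead keep one token per session and rely only on the comparison. Either variant should sit alongside the other listed measures (Origin checks, SameSite cookies) rather than replace them.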