CSRFDtool: Automated Detection and Prevention of a Reflected Cross-Site Request Forgery

Bibliographic Details
Published in: International journal of information engineering and electronic business 2014-10, Vol.6 (5), p.10-15
Main Authors: Batarfi, Omar A, Alshiky, Aisha M, Almarzuki, Alaa A, Farraj, Nora A
Format: Article
Language: English
container_end_page 15
container_issue 5
container_start_page 10
container_title International journal of information engineering and electronic business
container_volume 6
creator Batarfi, Omar A
Alshiky, Aisha M
Almarzuki, Alaa A
Farraj, Nora A
description The number of Internet users increases dramatically every year. Most of these users are exposed to the dangers of attackers in one way or another. The reason for this lies in the presence of many weaknesses that are not known to ordinary users. In addition, the lack of user awareness is considered the main reason for falling into the attackers' snares. Cross Site Request Forgery (CSRF) has been placed in the list of the most dangerous threats to security in OWASP Top Ten for 2013. CSRF is an attack that forces the user's browser to send or perform an unwanted request or action without user awareness by exploiting a valid session between the browser and the server. When a CSRF attack succeeds, it leads to many bad consequences. An attacker may reach private and personal information and modify it. This paper aims to detect and prevent a specific type of CSRF, called reflected CSRF. In a reflected CSRF, malicious code could be injected by the attackers. This paper explores how CSRF Detection Extension prevents the reflected CSRF by checking browser-specific information. Our evaluation shows that the proposed solution is successful in preventing this
doi_str_mv 10.5815/ijieeb.2014.05.02
format article
publisher Hong Kong: Modern Education and Computer Science Press
rights Copyright Modern Education and Computer Science Press Oct 2014
creatorcontrib King AbdulAziz University/Faculty of Computing and Information Technology Jeddah, 21542, Saudi Arabia
date 2014-10-08
tpages 6
oa free_for_read
identifier ISSN: 2074-9023
ispartof International journal of information engineering and electronic business, 2014-10, Vol.6 (5), p.10-15
issn 2074-9023
2074-9031
language eng
recordid cdi_proquest_journals_1769787371
source ProQuest - Publicly Available Content Database
title CSRFDtool: Automated Detection and Prevention of a Reflected Cross-Site Request Forgery