Detection and Prevention of Cross-Site Request Forgery Attacks. Edition No. 1
VDM Publishing House, June 2008, Pages: 36
The security of web-based applications concerns everyone who conducts business online. Cross-site request forgeries (CSRF) subject users, as well as applications, to attack. Cloaked by the standardized request and response interchange between browsers and web-based applications, an attacker can employ the browser as an agent to slip data into the transaction. CSRF exploits ride on session authentication and authorization, stealthily bypassing the security measures intended to form bonds of trust between the user and the application. Until CSRF protection is incorporated in all web-based applications, wary users may look for client-side protection. This publication presents an original Firefox browser extension that effectively identifies CSRF attacks and halts their delivery to the target application. Development and testing against two live exploits and multiple control websites are fully described. This small, unobtrusive extension may serve to silently dance around the CSRF giant until the day all critical applications are themselves secure.