UPM Institutional Repository

Overview of cross site request forgery and client-side protection


Citation

Yaakob, Razali and Joozdani, Mohsen and Abdullah @ Selimun, Mohd Taufik and Abdullah, Azizol (2013) Overview of cross site request forgery and client-side protection. International Journal Computer Technology and Applications, 4 (4). pp. 706-709. ISSN 2229-6093

Abstract

As the internet and web applications become part of our lives and make them easier through online markets, online banking, online shopping and many more services, they attract the attention of malicious users who want to take advantage of that convenience. Lately there have been many types of attacks on web applications, but attention so far has mostly focused on Cross Site Scripting and SQL injection attacks. There has been less attention to preventing Cross Site Request Forgery. Cross Site Request Forgery permits a malicious user to make a request on behalf of a user without his/her knowledge. The attack uses the authentication between the target website and the user through the internet browser. In this paper we present how a Cross Site Request Forgery attack works. In addition, we present our approach to mitigating Cross Site Request Forgery with the PCSRF (Prevent Cross Site Request Forgery) framework on Firefox. We propose client-side protection. We tested the functionality of our framework experimentally. Out of 134 attacks, which included POST, GET and other methods, we successfully prevented over 79% of the attacks across three different test sections.



Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
Publisher: Technopark Publications
Keywords: Cross site request forgery; Cross site request; Client-side protection; Internet; Web application
Depositing User: Nurul Ainie Mokhtar
Date Deposited: 15 May 2015 02:26
Last Modified: 08 Jun 2016 08:40
URI: http://psasir.upm.edu.my/id/eprint/30572
