Preventive measures for cross site request forgery attacks on Web-based Applications

Emil Semastin, Sami Azam, Bharanidharan Shanmugam, Krishnan Kannoorpatti, Mirjam Jonkman, Ganthan Narayana Samy, Sundresan Perumal

Research output: Contribution to journal › Article › Research › peer-review


Abstract

The contemporary business world has incorporated Web Services and Web Applications into the core of its operating cycle, and security plays a major role in integrating such services and applications with business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of the security mechanisms in a Web Application can be estimated by evaluating its degree of vulnerability to any of the top ten vulnerabilities nominated by OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks; by analysing the techniques employed in each solution, the optimal tool can be identified. After implementing each solution in the web application, tests against exploitation of the vulnerability were conducted to check the efficacy of each solution. The research also proposes a combined solution that integrates passing an unpredictable token through a hidden field, validated on the server side, with passing the token through the URL.

Original language: English
Pages (from-to): 130-134
Number of pages: 5
Journal: International Journal of Engineering and Technology (UAE)
Volume: 7
Issue number: 4.15
DOI: 10.14419/ijet.v7i4.15.21434
Publication status: Published - 2018


Cite this

@article{2ece314fccd548c9af2a02227b97a2aa,
  title = "Preventive measures for cross site request forgery attacks on Web-based Applications",
  keywords = "CSRF, CSRF Prevention, CSRF Tester, Hidden Token, Web Application Vulnerabilities",
  author = "Emil Semastin and Sami Azam and Bharanidharan Shanmugam and Krishnan Kannoorpatti and Mirjam Jonkman and Samy, {Ganthan Narayana} and Sundresan Perumal",
  year = "2018",
  doi = "10.14419/ijet.v7i4.15.21434",
  url = "http://www.scopus.com/inward/record.url?scp=85054678384&partnerID=8YFLogxK",
  language = "English",
  volume = "7",
  pages = "130--134",
  journal = "International Journal of Engineering and Technology (UAE)",
  issn = "2227-524X",
  publisher = "Science Publishing Corporation Inc",
  number = "4.15",
}

