TY - JOUR
T1 - Preventive measures for cross site request forgery attacks on Web-based Applications
AU - Semastin, Emil
AU - Azam, Sami
AU - Shanmugam, Bharanidharan
AU - Kannoorpatti, Krishnan
AU - Jonkman, Mirjam
AU - Samy, Ganthan Narayana
AU - Perumal, Sundresan
PY - 2018
Y1 - 2018
N2 - Today's business world has incorporated Web Services and Web Applications into the core of its operating cycle, and security plays a major role in the amalgamation of such services and applications with business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating its degree of vulnerability to any of the top ten vulnerabilities nominated by OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against exploitation of the vulnerabilities were conducted after implementing the solutions in the web application to check the efficacy of each solution. The research also proposes a combined solution that integrates passing an unpredictable token through a hidden field and validating it on the server side with passing a token through the URL.
AB - Today's business world has incorporated Web Services and Web Applications into the core of its operating cycle, and security plays a major role in the amalgamation of such services and applications with business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating its degree of vulnerability to any of the top ten vulnerabilities nominated by OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against exploitation of the vulnerabilities were conducted after implementing the solutions in the web application to check the efficacy of each solution. The research also proposes a combined solution that integrates passing an unpredictable token through a hidden field and validating it on the server side with passing a token through the URL.
KW - CSRF
KW - CSRF Prevention
KW - CSRF Tester
KW - Hidden Token
KW - Web Application Vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85054678384&partnerID=8YFLogxK
U2 - 10.14419/ijet.v7i4.15.21434
DO - 10.14419/ijet.v7i4.15.21434
M3 - Article
AN - SCOPUS:85054678384
SN - 2227-524X
VL - 7
SP - 130
EP - 134
JO - International Journal of Engineering and Technology (UAE)
JF - International Journal of Engineering and Technology (UAE)
IS - 4.15
ER -