Journal title: International Journal of Information and Network Security (IJINS)
Print ISSN: 2089-3299
Publication year: 2012
Volume: 1
Issue: 3
Pages: 171-180
DOI: 10.11591/ijins.v1i3.707
Language: English
Publisher: Institute of Advanced Engineering and Science
Abstract: The Cross Site Request Forgery (CSRF) attack has emerged as a serious threat to web applications; it is based on the vulnerabilities present in the normal request-response pattern of the HTTP protocol. It is difficult to detect and hence it is present in most of the existing web applications. Various defensive mechanisms have been suggested for CSRF, but none of them provides complete protection against it. A few of these are client-side tools, and others need both client-side and server-side implementation. Most of these work for reflected CSRF, and very few have taken note of stored CSRF. So, to protect web applications securely, strong, client-side protection against CSRF is needed. In this paper we have proposed a CSRF defensive tool which provides complete CSRF protection. It is a client-side tool and does not disturb server-side functionality. It can be implemented in the browser as a plug-in. This tool works for both stored and reflected CSRF attacks.