Abstract

Cross Site Request Forgery is considered as one of top vulnerability in today's web, where an untrusted website can force the user browser to send the unauthorized valid request to the trusted site. Cross Site Request Forgery will let the integrity of the legitimate user. So far many solutions have been proposed for the CSRF attacks such as the referrer HTTP Header, Custom HTTP header, Origin Header, client site proxy, Browser plug-in and Random Token Validation. But existing solutions is not so immune as to avoid this attack. All the solutions are partially protected only. This paper focuses on describing the implementation of various possible cross site request forgery methods and describing the pitfalls in the various preventive techniques of cross site request forgery and so we suggested some defense mechanism to prevent this vulnerability.

References

• A. Barth, C. Jackson, and J. C. Mitchell. "Robust defenses For cross site request forgery". In Proc. ACM Conference on Computer and Communications Security (CCS), Oct, 2008.
• Cross-Site Request Forgery. www. owasp. org/index. php/CrossSite_Request_Forgery, May, 2009.
• J. Burns. Cross Site Reference Forgery: An introduction to A common web application weakness. http://www. isecpartners. com/documents/XSRF_Paper. pdf, 2005.
• M. Johns and J. Winter, "RequestRodeo: Client Side Protection against Session Riding," In Proc. of the OWASP Europe Conference, Leuven, Belgium, May 2006.
• Mohd. Shadab Siddiqui and Deepanker Verma,"Cross Site Request Forgery: A common web application weakness", IEEE Conference and white paper, 2011.
• Nenad Jovanovic, Engin Kirda, and Christopher Kruegel. "Preventing cross site request forgery attacks". In IEEE International Conference on Security and Privacy in Communication Networks (SecureComm), 2006.
• OWASP. Top ten most critical web application security vulnerabilities. https://www. owasp. org/index. php/Top_10_2013-Top_10. Forgeries. www. securityfocus. com/archive/1/19S90,2001.
• Ramarao R. Tool "preventing image based CSRF attacks". http://isea. nitk. ac. in/rod/csrf/PreventImageCSRF/. May, 2009.
• Sooel Son, "Prevent Cross site Request Forgery PCRF"userweb. cs. utexas. edu/~samuel/PCRF/Final_PCRF_paper. pdf.
• Tatiana Alexenko Mark Jenne suman Deb Roy and Wenjun Zeng," Cross-Site Request Forgery: Attack and Defense". In Proc. IEEE Communications Society (CCNC), 2010.
• W. Zeller and E. W. Felten, "Cross-Site Request Forgeries: Exploitation and Prevention," Technical Report, Princeton University, 2008.
• E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes, "A Client-Side Solution for Mitigating Cross Site Scripting Attacks", Proceedings of the 21st ACM Symposium on Applied Computing, 2006.
• Sapna Choudhary, Bhupendra Singh Thakur, "DES Encryption and Attack detection in Client-Server Communication", International Journal of Advanced Research in Computer Science and Software Engineering. Volume 4, Issue 3, March 2014.
• B. S. Y. Fung, "A Fine-Grained Defense Mechanism against general Request Forgery Attacks", In Proc. of IEEE/IFIP DSN Student Forum, 2011.
• Luis von Ahn, Nick Hopper Manuel Blum, and John Langford, "CAPTCHA: Using hard AI problems for security", In Eurocrypt 2003.
• Sentamilselvan K, S Lakshmana Pandian, Dr. K. Sathiyamurthy. "Survey on Cross Site Request Forgery. " IEEE International Conference on Research and Development Prospects on Engineering and Technology (IEEE ICRDPET-2013). Vol. 5. No. 5. IEEE, 2013.
• Sentamilselvan K, Prasath T. "A conceptual study of Cross Site Request Forgery with comprehensive scrutiny. " International Research Journal Of Sustainable Science & Engineering 1. ISSN: 2347-6176 Issue:1 (2014): 1-6.