Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks-Reference-Cited by-同舟云学术

Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks

Published:2021-10-06 Issue: Volume: Page:
ISSN:
Container-title:24th International Symposium on Research in Attacks, Intrusions and Defenses
language:
Short-container-title:

Author:

Likaj Xhelal¹,Khodayari Soheil²,Pellegrino Giancarlo²

Affiliation:

1. Saarland University, Germany

2. CISPA Helmholtz Center for Information Security, Germany

Publisher

ACM

Link

https://dl.acm.org/doi/pdf/10.1145/3471621.3471846

Reference133 articles.

1. [n.d.]. CakePHP Documentation: Routing. https://book.cakephp.org/3/en/development/routing.html#routes-configuration. [n.d.]. CakePHP Documentation: Routing. https://book.cakephp.org/3/en/development/routing.html#routes-configuration.

2. [n.d.]. Common CSRF prevention misconceptions. https://www.nccgroup.com/uk/about-us/newsroom-and-events/blogs/2017/september/common-csrf-prevention-misconceptions/. [n.d.]. Common CSRF prevention misconceptions. https://www.nccgroup.com/uk/about-us/newsroom-and-events/blogs/2017/september/common-csrf-prevention-misconceptions/.

3. [n.d.]. Common Weakness Enumeration: A Community-Developed List of Software & Hardware Weakness Types. https://cwe.mitre.org/data/definitions/352.html. [n.d.]. Common Weakness Enumeration: A Community-Developed List of Software & Hardware Weakness Types. https://cwe.mitre.org/data/definitions/352.html.

4. [n.d.]. Cryptographic Storage Cheat Sheet. https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html. [n.d.]. Cryptographic Storage Cheat Sheet. https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html.

5. [n.d.]. CVE-2010-5084. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5084. [n.d.]. CVE-2010-5084. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5084.

Cited by 10 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. CSRFing the SSO Waves: Security Testing of SSO-Based Account Linking Process;2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P);2024-07-08

2. The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

3. Securing Cross-Site Request Forgery Vulnerabilities in Web Applications Using Mutation Analysis;2024 2nd International Conference on Software Engineering and Information Technology (ICoSEIT);2024-02-28

4. Honey, I Cached our Security Tokens Re-usage of Security Tokens in the Wild;Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses;2023-10-16

5. Security Analysis of Web Open-Source Projects Based on Java and PHP;Electronics;2023-06-10