An Enhanced Mechanism for Protecting Web Applications from Cross Site Request Forgery (CSRF)-Reference-Cited by-同舟云学术

An Enhanced Mechanism for Protecting Web Applications from Cross Site Request Forgery (CSRF)

Published:2024-01-02 Issue:1 Volume:6 Page:1-17
ISSN:2689-5315
Container-title:British Journal of Computer, Networking and Information Technology
language:en
Short-container-title:British Journal of Computer, Networking and Information Technology

Author:

B. I. Ele.

Abstract

Cross-Site Request Forgery (CSRF) is considered one of the top vulnerabilities in today’s web, where an untrusted website can force the user browser to send an unauthorized valid request to the trusted site. Legitimate users will lose their integrity over the website when the CSRF takes place. So far, many solutions have been proposed for the CSRF attacks such as the referrer HTTP header, custom HTTP header, origin header, client site proxy, a browser plug-in, and random token validation, but in this research, the use of random token validation to solve the problem of CSRF attacks was implemented. The proposed solution in the study used a concept known as Nonce which is a type of random token attached to requests sent over a server. This solution proved to be effective enough to protect and prevent web applications from CSRF attacks. Although no system can be secured against attacks, this study recommends that the random token validation (Nonce) approach of protecting web applications should be adopted by all web applications developers and users to improve on the already established solutions to reduce the chances of attacks on web applications to a very slim percentage, if not eliminated.

Publisher

African - British Journals

Reference30 articles.

1. Sentamilsevan, K, & Prasath, T. (2014). A Comprehensive Study of Cross-Site Request Forgery with Comprehensive Scrutiny. International Journal of Suitable Science and Engineering, 2(1).

2. Sentamilsevan K, Lakshmana S. P, & Ramkumar, N. (2014). Cross-Site Request Forgery: Preventive Measures. International Journal of Computer Applications, 106(11).

3. Burns, J. (2007). Cross-Site Request Forgery: An introduction to a common web application weakness. https://www.isecpartners.com Retrieved: 29/10/2019

4. Rupali D. K., & Meshram, B. B. (2012). CSRF Vulnerabilities and Defensive Techniques. International Journal of Computer Network and Information Security, 1, 31-37.

5. Sentamilsevan K, Lakshmana S. P, & Sathiyamurthy, K. (2013). Survey on Cross-Site Request Forgery (An overview of CSRF). IEEE – International Conference on Research and Development Prospects in Engineering and Technology, 5.