Title
Light-Weight CSRF Protection by Labeling User-Created Contents
Abstract
Cross-site request forgery (CSRF/XSRF) is a serious vulnerability in the Web 2.0 environment. With CSRF, an adversary can spoof the payload of an HTTP request and entice the victim's browser to transmit an HTTP request to the web server. Consequently, the server cannot determine the legitimacy of the HTTP request. This paper presents a light-weight CSRF prevention method by introducing a quarantine system to inspect suspicious scripts on the server side. Instead of using a script filtering and rewriting approach, this scheme is based on a new labeling mechanism (which we call Content Box) that enables the web server to distinguish malicious requests from harmless requests without the need to modify the user-created contents (UCCs). Consequently, a malicious request can be blocked when it attempts to access critical web services that were defined by the web administrator. To demonstrate the effectiveness of the proposed scheme, it was implemented and its performance was evaluated.
Year
2013
DOI
10.1109/SERE.2013.22
Venue
SERE
Keywords
content box,ucc,web administrator,web server,light-weight csrf prevention method,web services,web 2.0,user-created contents,web 2.0 environment,critical web service,critical web services,script rewriting approach,rewriting systems,xsrf,http request,quarantine system,harmless request,file servers,light-weight csrf protection,malicious requests,proposed scheme,malicious request,light-weight,copy protection,user-created content labeling mechanism,script filtering approach,cross-site request forgery,hypermedia,suspicious script inspection,security of data,html,cross site request forgery,web pages,labeling,web servers,filtering,web 2 0
Field
Static web page,Web API,World Wide Web,Web page,Computer security,Computer science,JSONP,Cross-site request forgery,Rewrite engine,Web service,Web server
DocType
Conference
ISSN
2378-3877
ISBN
978-1-4799-0406-8
Citations
0
PageRank
0.34
References
14
Authors
5
Name | Order | Citations | PageRank
Yin-Chang Sung | 1 | 0 | 0.34
Michael Cheng Yi Cho | 2 | 0 | 0.34
Chi-Wei Wang | 3 | 26 | 4.37
Chia-Wei Hsu | 4 | 65 | 8.44
Shiuh-Pyng Shieh | 5 | 621 | 107.56