Title
A new WAF-based architecture for protecting web applications against CSRF attacks in malicious environment.
Abstract
A web application firewall is an application firewall for HTTP applications. A typical WAF uses static analysis of HTTP requests, defined as a set of rules, to find potentially dangerous payloads in the requests. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection, which are server-related attacks. Cross-site scripting is a client-side attack; however, the server is attacked and forced to return a malicious response. The rule-based approach becomes useless when the attack is client-related, for example employing malware on the banking site. Malware allows the transfer data to be changed. This scenario is hard to detect because the browser displays valid transfer data and the data is changed to the thieves' account number at the communication stage. In this paper we introduce a new web-based architecture for protecting web applications against CSRF attacks in a malicious environment. In our approach we extend the classic, static WAF approach with historical and behavioral analysis, based on actions performed by the user in the past.
Year
2018
DOI
10.15439/2018F208
Venue
Federated Conference on Computer Science and Information Systems
Field
Data mining, Computer science, Computer security, Server, Application firewall, Cross-site request forgery, Cross-site scripting, Web application, Malware, SQL injection, Scripting language
DocType
Conference
ISSN
2325-0348
Citations
2
PageRank
0.35
References
0
Authors
3
Name
Order
Citations
PageRank
Michal Srokosz120.35
Damian Rusinek2133.85
Bogdan Księżopolski39616.77