Title | ||
---|---|---|
A new WAF-based architecture for protecting web applications against CSRF attacks in malicious environment. |
Abstract | ||
---|---|---|
A web application firewall is an application firewall for HTTP applications. A typical WAF uses static analysis of HTTP requests, defined as a set of rules, to find potentially dangerous payloads in the requests. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection, which are server-related attacks. Cross-site scripting is a client-side attack; however, the server is attacked and forced to return a malicious response. The rule-based approach becomes useless when the attack is client-related, for example employing malware on the banking site. Malware allows the transfer data to be changed. This scenario is hard to detect because the browser displays valid transfer data and the data is changed to the thieves' account number at the communication stage. In this paper we introduce a new web-based architecture for protecting web applications against CSRF attacks in a malicious environment. In our approach we extend a classic, static WAF approach with historical and behavioral analysis, based on actions performed by the user in the past. |
Year | DOI | Venue |
---|---|---|
2018 | 10.15439/2018F208 | Federated Conference on Computer Science and Information Systems |
Field | DocType | ISSN |
Data mining,Computer science,Computer security,Server,Application firewall,Cross-site request forgery,Cross-site scripting,Web application,Malware,SQL injection,Scripting language | Conference | 2325-0348 |
Citations | PageRank | References |
2 | 0.35 | 0 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Michal Srokosz | 1 | 2 | 0.35 |
Damian Rusinek | 2 | 13 | 3.85 |
Bogdan Księżopolski | 3 | 96 | 16.77 |