| CRSF攻击机制及防御策略研究 |
| |
| 引用本文: | 龚宇,周安民,李娟.CRSF攻击机制及防御策略研究[J].信息安全与通信保密,2014(1):72-74. |
| |
| 作者姓名: | 龚宇 周安民 李娟 |
| |
| 作者单位: | 四川大学电子信息学院,四川成都610065 |
| |
| 摘 要: | 跨站点请求伪造(Cross—Site Request Forgery)是一种互联网上广泛存在的网络攻击,它通过第三方伪造用户请求来欺骗服务器端,达到冒充用户身份、行使用户权利的目的。文中通过分析跨站点请求伪造攻击的原理,并模拟其攻击过程、解析攻击产生的原因来向读者详细介绍此类攻击的特点,并从服务器端和客户端两个方向讨论了防御此类攻击的策略。
|
| 关 键 词: | 请求伪造 输入过滤 随机参数 双向验证 |
CSRF Attack Mechanism and Defense Strategy |
| |
| GONG Yu,ZHOU An-min,LI Juan.CSRF Attack Mechanism and Defense Strategy[J].China Information Security,2014(1):72-74. |
| |
| Authors: | GONG Yu ZHOU An-min LI Juan |
| |
| Affiliation: | (School of Electronics and Information, Sichuan University, Chengdu Sichuan 610065, China) |
| |
| Abstract: | Cross-site request forgery is a widespread network attack on the Internet. Through request forgery by the third party, this attack deceives the server, passes itself off as the user and exercises the rights of the users. This paper describes the characteristics of CSRF and analyzes the principle of CSRF. And meanwhile simulation on the attack process and exploration on the cause of this attack are also done, and the defense strategies against this attack discussed from both server and client sides. |
| |
| Keywords: | request forgery input filter random parameter two-way authentication |
| 本文献已被 CNKI 维普 等数据库收录! |
