Evolution of cross site request forgery attacks |
| |
Authors: | Renaud Feil Louis Nyffenegger |
| |
Affiliation: | (1) Hervé Schauer Consultants, 4bis, rue de la gare, 92300 Levallois-Perret, France |
| |
Abstract: | This paper presents a state of the art of cross-site request forgery (CSRF) attacks and new techniques which can be used by
potential intruders to make them more effective. Several attack scenarios on widely used web applications are discussed, and
a vulnerability which affects most recent browsers is explained. This vulnerability makes it possible to perform effective
CSRF attacks using the XMLHTTPRequest object. In addition, this paper describes a new technique that preserves the malicious code on the target system even after
the browser window is closed. Lastly, best solutions to prevent these attacks are discussed to enable everyone (users, browser
or Web applications developers, professionals in charge of IT security in an organization or a company) to prevent or manage
this threat. |
| |
Keywords: | |
This article has been indexed by SpringerLink and other databases! |
|