Cross-Site Request Forgery Attacks and Preventions

Authors

  • Muhammad Sajjad
  • Aasir Mehmood
  • Dr. Muhammad Saifullah
  • Junaid Iqbal Baig

Abstract

CSRF stands for Cross-Site Request Forgery. It is among the top web vulnerabilities: the attacker maliciously exploits a website using the victim's credentials and sends unauthorized actions/calls to a trusted web application. In a cross-site request forgery attack, the attacker sends a malicious forged link to the user. When the user clicks it, the forged request is sent on the user's behalf, which results in data leakage. To date, numerous defense mechanisms (on both the client and server sides) have been proposed in response to increasing attacks and leakage of personal data. Such mechanisms include HTTP headers, validation of random tokens, hybrid-model HTTP and content analysis, client-server proxies, and so on. However, such attacks still exist and occur today. This report analyzes various existing defense mechanisms and models, critically assesses each of them, and addresses the voids in each of them. It also describes how combining two mechanisms helps overcome the flaws.

Published

2024-05-24

How to Cite

Sajjad, M., Mehmood, A., Saifullah, D. M., & Iqbal Baig, J. (2024). Cross-Site Request Forgery Attacks and Preventions. Journal of Computers and Intelligent Systems, 2(2), 67–72. Retrieved from https://journals.iub.edu.pk/index.php/JCIS/article/view/2804
