Mao et al., 2009 - Google Patents
Defeating cross-site request forgery attacks with browser-enforced authenticity protectionMao et al., 2009
View PDF- Document ID
- 278981578278747531
- Author
- Mao Z
- Li N
- Molloy I
- Publication year
- Publication venue
- International Conference on Financial Cryptography and Data Security
External Links
Snippet
A cross site request forgery (CSRF) attack occurs when a user's web browser is instructed by a malicious webpage to send a request to a vulnerable web site, resulting in the vulnerable web site performing actions not intended by the user. CSRF vulnerabilities are very …
- 230000001960 triggered 0 abstract description 4
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Mao et al. | Defeating cross-site request forgery attacks with browser-enforced authenticity protection | |
| Barth et al. | Robust defenses for cross-site request forgery | |
| Sun et al. | The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems | |
| Zeller et al. | Cross-site request forgeries: Exploitation and prevention | |
| Wang et al. | Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services | |
| Zheng et al. | Cookies Lack Integrity:{Real-World} Implications | |
| US8850567B1 (en) | Unauthorized URL requests detection | |
| Czeskis et al. | Lightweight server support for browser-based CSRF protection | |
| US20080028444A1 (en) | Secure web site authentication using web site characteristics, secure user credentials and private browser | |
| US8904521B2 (en) | Client-side prevention of cross-site request forgeries | |
| Siddiqui et al. | Cross site request forgery: A common web application weakness | |
| Chen et al. | Self-exfiltration: The dangers of browser-enforced information flow control | |
| Alghenaim et al. | Awareness of phishing attacks in the public sector: Review types and technical approaches | |
| Chen et al. | A Study of the Effectiveness of CSRF Guard | |
| Pranathi et al. | Attacks on web application caused by cross site scripting | |
| Wedman et al. | An analytical study of web application session management mechanisms and HTTP session hijacking attacks | |
| Blatz | Csrf: Attack and defense | |
| Telikicherla et al. | CORP: a browser policy to mitigate web infiltration attacks | |
| WO2007016869A2 (en) | Systems and methods of enhanced e-commerce,virus detection and antiphishing | |
| Ninawe et al. | Detection of DOM-based XSS attack on web application | |
| Kour | A Study On Cross-Site Request Forgery Attack And Its Prevention Measures | |
| Sentamilselvan et al. | Survey on cross site request forgery | |
| Zhou et al. | Strengthening XSRF defenses for legacy web applications using whitebox analysis and transformation | |
| Singh | Detecting and prevention cross–site scripting techniques | |
| Gupta et al. | Server side protection against cross site request forgery usingcsrf gateway |