Date of Award
2007
Document Type
Thesis
Degree Name
Master of Computer and Information Science (MCIS)
Department
Computer Science
First Advisor
Remzi Seker
Abstract
The security of web-based applications concerns everyone who conducts business online. Cross-site request forgeries (CSRF) subject users, as well as applications, to attack. Cloaked by the standardized request and response interchange between browsers and web-based applications, an attacker can employ the browser as an agent to slip data into the transaction. CSRF exploits ride on session authentication and authorization, stealthily bypassing the security measures intended to form bonds of trust between the user and the application. Until CSRF protection is incorporated in all web-based applications, wary users may look for client-side protection. This thesis offers an original Firefox browser extension that effectively identifies CSRF attacks and halts their delivery to the target application. When the extension was tested against two live exploits and multiple control websites, the only warnings issued were valid. This small, unobtrusive extension may serve to silently dance around the CSRF giant until the day all critical applications are themselves secure.
Recommended Citation
Henthorn, Mary C., "A Browser-Side Solution for Detection and Prevention of Cross-Site Request Forgery Attacks" (2007). Theses and Dissertations. 11.
https://research.ualr.edu/etd/11
