Abstract
Web application security is a branch of information security that covers the security of Web sites, Web applications, and Web services. At a high level, it rests on the principles of application security applied to the World Wide Web and to the libraries and frameworks used to build for it [1, 2]. With the growth of Web 2.0, large-scale information sharing through social networking, and the increasing adoption of the Web by businesses to deliver services, Web applications are now attacked directly. Rather than attacking the company's infrastructure, malicious users attack the users of the Web site by tricking them into submitting forged, malicious input; as a result, industry is paying as much attention to application security as to the security of the underlying computer network and operating systems. Web applications should be designed with security analysis and security checks performed during development and throughout the software development life cycle. Most existing systems detect only one attack at a time with a limited rule set; we propose an enhanced detection model that detects two attacks, cross-site request forgery and broken authentication and session management, within the same simulation environment using updated rule libraries, and we also propose an effective test environment.
References
[1] Kanika Sharma and Naresh Kumar, “SWART: Secure Web Application Response Tool”, 2013 International Conference on Control, Computing, Communication and Materials (ICCCCM).
[2] https://www.incapsula.com/web-application-security/csrf-cross-site-request-forgery.html
[3] Nenad Jovanovic, Engin Kirda and Christopher Kruegel, “Preventing Cross-Site Request Forgery Attacks”, Technical University of Vienna, IEEE 2006.
[4] Hossain Shahriar and Mohammad Zulkernine, “Client-Side Detection of Cross-Site Forgery Attacks”, 2010 IEEE 21st International Symposium on Software Reliability Engineering.
[5] Jinxin You and Fan Guo, “Improved CSRFGuard for CSRF Attacks Defense on Java EE Platform”, The 9th International Conference on Computer Science & Education (ICCSE 2014).
[6] Yusuke Takamatsu, Yuji Kosuga and Kenji Kono, “Automated Detection of Session Management Vulnerabilities in Web Application”, 2012 Tenth Annual International Conference on Privacy, Security and Trust.
[7] Raymond Lukanta, Yudistira Asnar and A. Imam Kistijantoro, “A Vulnerability Scanning Tool for Session Management Vulnerabilities”, 2014 IEEE.
[8] Birhanu Eshete, Adolfo Villafiorita and Komminist Weldemariam, “Early Detection of Security Misconfiguration Vulnerabilities in Web Applications”, 2011 Sixth International Conference on Availability, Reliability and Security.
[9] Xiaoli Lin, Pavol Zavarsky, Ron Ruhl and Dale Lindskog, “Threat Modelling for CSRF Attacks”, 2009 International Conference on Computational Science and Engineering.
[10] Ben S.Y. Fung and Patrick P.C. Lee, “A Privacy-Preserving Defense Mechanism Against Request Forgery Attacks”, 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11.
[11] http://www.upenn.edu/computing/security/swat/SWAT_Top_Ten_A3.php
[12] https://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/
© 2018 Springer Nature Singapore Pte Ltd.
Cite this paper
Nadar, V.M., Chatterjee, M., Jacob, L. (2018). A Defensive Approach for CSRF and Broken Authentication and Session Management Attack. In: Perez, G., Tiwari, S., Trivedi, M., Mishra, K. (eds) Ambient Communications and Computer Systems. Advances in Intelligent Systems and Computing, vol 696. Springer, Singapore. https://doi.org/10.1007/978-981-10-7386-1_49
DOI: https://doi.org/10.1007/978-981-10-7386-1_49
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7385-4
Online ISBN: 978-981-10-7386-1
eBook Packages: Engineering (R0)