
A Defensive Approach for CSRF and Broken Authentication and Session Management Attack

  • Conference paper
Ambient Communications and Computer Systems

Abstract

Web application security is a branch of information security that covers the security of Web sites, Web applications, and Web services. It builds on the general principles of online security as applied to the World Wide Web and the libraries used to build it [1, 2]. With the growth of Web 2.0, large-scale information sharing through social networks, and the rapid adoption of the Web for delivering business services, Web applications are now attacked directly and frequently. Rather than targeting a company's infrastructure, attackers often target the users of a Web site, tricking them into submitting forged, malicious requests; as a result, industry is paying more attention to application-level security alongside the security of the underlying network and operating systems. Web applications should be designed with security analysis and security checks performed during development and throughout the software development life cycle. Whereas most existing systems detect only one attack at a time with a limited rule set, we propose an enhanced detection model that detects two attacks, cross-site request forgery and broken authentication and session management, within the same simulation environment using updated rule libraries, and we also propose an effective test environment.
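The abstract does not show what a rule library for these two attack classes looks like. The following is an added example, not the authors' detection model or any code from the paper: a small set of rules that flags a state-changing request as forged (missing or mismatched synchronizer token, or a non-matching Origin/Referer) and a login as weakly managed (session identifier in the URL, cookie issued without HttpOnly, Secure or SameSite, identifier not rotated at login, or too little entropy). The request and login-event formats, the rule identifiers, the site origin `https://app.example` and the sample requests are all constructed here for illustration.

```python
"""Rule-based checks for the two attack classes in the abstract: CSRF on
state-changing requests and weak session handling at login.  Added example,
not the paper's model; formats, rule ids and samples are constructed here."""
import hmac
import secrets
import string
from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Optional
from urllib.parse import parse_qs, urlsplit

SITE_ORIGIN = "https://app.example"          # assumed origin of the protected app
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # must not change state, so no token needed
SESSION_COOKIE_NAMES = {"sid", "sessionid", "jsessionid", "phpsessid"}
MIN_SESSION_ID_BITS = 64                     # OWASP minimum for session identifiers


@dataclass
class Request:
    method: str
    url: str
    headers: dict
    form: dict = field(default_factory=dict)
    session_token: Optional[str] = None  # anti-CSRF token the server bound to this session


def csrf_findings(req: Request) -> list:
    """Synchronizer-token check plus Origin/Referer verification."""
    findings = []
    if req.method.upper() in SAFE_METHODS:
        return findings
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if source is None:
        findings.append("CSRF-1: state-changing request without Origin or Referer")
    else:
        parts = urlsplit(source)
        src_origin = f"{parts.scheme}://{parts.netloc}"
        if src_origin != SITE_ORIGIN:
            findings.append(f"CSRF-2: cross-origin request from {src_origin}")
    token = req.form.get("csrf_token") or req.headers.get("X-CSRF-Token")
    if not token:
        findings.append("CSRF-3: missing anti-CSRF token")
    elif req.session_token is None or not hmac.compare_digest(token, req.session_token):
        findings.append("CSRF-4: anti-CSRF token does not match the session's token")
    return findings


@dataclass
class LoginEvent:
    """One login: the URL posted to, the session id the browser already held,
    and the Set-Cookie header the server answered with (None if it sent none)."""
    url: str
    pre_login_sid: Optional[str]
    set_cookie: Optional[str]


def session_findings(ev: LoginEvent) -> list:
    """Session-fixation, cookie-attribute and identifier-strength checks."""
    findings = []
    if any(k.lower() in SESSION_COOKIE_NAMES for k in parse_qs(urlsplit(ev.url).query)):
        findings.append("SESS-1: session identifier carried in the URL")
    if ev.set_cookie is None:
        findings.append("SESS-2: no session cookie issued at login (fixation risk)")
        return findings
    jar = SimpleCookie()
    jar.load(ev.set_cookie)
    for name, morsel in jar.items():
        if name.lower() not in SESSION_COOKIE_NAMES:
            continue
        for attr in ("httponly", "secure", "samesite"):
            if not morsel[attr]:
                findings.append(f"SESS-3: {name} cookie lacks {attr}")
        if ev.pre_login_sid is not None and morsel.value == ev.pre_login_sid:
            findings.append("SESS-4: session id not rotated at login (fixation)")
        # Entropy upper bound: 4 bits per hex character, 6 per base64url character.
        per_char = 4 if set(morsel.value) <= set(string.hexdigits) else 6
        if len(morsel.value) * per_char < MIN_SESSION_ID_BITS:
            findings.append(f"SESS-5: session id has under {MIN_SESSION_ID_BITS} bits")
    return findings


def new_session_cookie() -> str:
    """Hardened form: fresh 256-bit id, all three attributes set, issued after login."""
    return f"sid={secrets.token_urlsafe(32)}; Path=/; HttpOnly; Secure; SameSite=Lax"


# Constructed samples: a forged transfer from another origin, the legitimate
# version of the same request, and a weak versus a hardened login.
FORGED = Request("POST", f"{SITE_ORIGIN}/transfer", {"Origin": "https://evil.example"},
                 {"to": "mallory", "amount": "1000"}, session_token="s3cr3t-t0ken")
LEGIT = Request("POST", f"{SITE_ORIGIN}/transfer", {"Origin": SITE_ORIGIN},
                {"to": "bob", "amount": "10", "csrf_token": "s3cr3t-t0ken"},
                session_token="s3cr3t-t0ken")
WEAK_LOGIN = LoginEvent(f"{SITE_ORIGIN}/login?sessionid=1234", "1234", "sessionid=1234; Path=/")
HARDENED_LOGIN = LoginEvent(f"{SITE_ORIGIN}/login", "1234", new_session_cookie())


def run_samples() -> dict:
    """Rule hits per sample; an empty list means the sample passed every rule."""
    return {"forged": csrf_findings(FORGED), "legit": csrf_findings(LEGIT),
            "weak_login": session_findings(WEAK_LOGIN),
            "hardened_login": session_findings(HARDENED_LOGIN)}
```

Run `run_samples()` to see the forged request trip the cross-origin and missing-token rules, the weak login trip all five session rules, and both legitimate samples pass clean. The Origin check and the token check are deliberately independent: a browser may omit Origin and Referer on some requests, and a token alone does not help when the token itself leaks, so a practitioner wants both signals in the rule set.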


References

  1. Kanika Sharma and Naresh Kumar, "SWART: Secure Web Application Response Tool", 2013 International Conference on Control, Computing, Communication and Materials (ICCCCM).

  2. https://www.incapsula.com/web-application-security/csrf-cross-site-request-forgery.html

  3. Nenad Jovanovic, Engin Kirda and Christopher Kruegel, "Preventing Cross-Site Request Forgery Attacks", Technical University of Vienna, IEEE 2006.

  4. Hossain Shahriar and Mohammad Zulkernine, "Client-Side Detection of Cross-Site Forgery Attacks", 2010 IEEE 21st International Symposium on Software Reliability Engineering.

  5. Jinxin You and Fan Guo, "Improved CSRFGuard for CSRF Attacks Defense on Java EE Platform", The 9th International Conference on Computer Science & Education (ICCSE 2014).

  6. Yusuke Takamatsu, Yuji Kosuga and Kenji Kono, "Automated Detection of Session Management Vulnerabilities in Web Application", 2012 Tenth Annual International Conference on Privacy, Security and Trust.

  7. Raymond Lukanta, Yudistira Asnar and A. Imam Kistijantoro, "A Vulnerability Scanning Tool for Session Management Vulnerabilities", 2014 IEEE.

  8. Birhanu Eshete, Adolfo Villafiorita and Komminist Weldemariam, "Early Detection of Security Misconfiguration Vulnerabilities in Web Applications", 2011 Sixth International Conference on Availability, Reliability and Security.

  9. Xiaoli Lin, Pavol Zavarsky, Ron Ruhl and Dale Lindskog, "Threat Modelling for CSRF Attacks", 2009 International Conference on Computational Science and Engineering.

  10. Ben S.Y. Fung and Patrick P.C. Lee, "A Privacy-Preserving Defense Mechanism Against Request Forgery Attacks", 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11.

  11. https://www.checkmarx.com/knowledge/knowledgebase/CSRF

  12. http://www.upenn.edu/computing/security/swat/SWAT_Top_Ten_A3.php

  13. https://www.veracode.com/security/csrf

  14. https://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/

Corresponding author

Correspondence to Virginia Mary Nadar.


Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Nadar, V.M., Chatterjee, M., Jacob, L. (2018). A Defensive Approach for CSRF and Broken Authentication and Session Management Attack. In: Perez, G., Tiwari, S., Trivedi, M., Mishra, K. (eds) Ambient Communications and Computer Systems. Advances in Intelligent Systems and Computing, vol 696. Springer, Singapore. https://doi.org/10.1007/978-981-10-7386-1_49


  • DOI: https://doi.org/10.1007/978-981-10-7386-1_49


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7385-4

  • Online ISBN: 978-981-10-7386-1

  • eBook Packages: Engineering (R0)
