https://dl.acm.org/doi/abs/10.1145/1655077.1655081

BibTeX

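@inproceedings{10.1145/1655077.1655081,
  author        = {Maes, Wim and Heyman, Thomas and Desmet, Lieven and Joosen, Wouter},
  title         = {Browser Protection against Cross-Site Request Forgery},
  booktitle     = {Proceedings of the First {ACM} Workshop on Secure Execution of Untrusted Code},
  series        = {{SecuCode} '09},
  year          = {2009},
  pages         = {3--10},
  numpages      = {8},
  publisher     = {Association for Computing Machinery},
  address       = {New York, NY, USA},
  location      = {Chicago, Illinois, USA},
  isbn          = {9781605587820},
  doi           = {10.1145/1655077.1655081},
  keywords      = {cross-site request forgery, run-time policy enforcement, Web application security},
  abstract      = {As businesses are opening up to the web, securing their web applications becomes paramount. Nevertheless, the number of Web application attacks is constantly increasing. Cross-Site Request Forgery (CSRF) is one of the more serious threats to web applications that gained a lot of attention lately. It allows an attacker to perform malicious authorized actions originating in the end-users browser, without his knowledge. This paper presents a client-side policy enforcement framework to transparently protect the end-user against CSRF. To do so, the framework monitors all outgoing web requests within the browser and enforces a configurable cross-domain policy. The default policy is carefully selected to transparently operate in a web 2.0 context. In addition, the paper also proposes an optional server-side policy to improve the accuracy of the client-side policy enforcement. A prototype is implemented as a Firefox extension, and is thoroughly evaluated in a web 2.0 context.},
  internal-note = {Normalised from the ACM DL export: page range uses a double hyphen instead of an en dash, the series year uses a plain apostrophe instead of a curly quote, the title is stored in Title Case with the ACM acronym protected in booktitle, and the redundant resolver url is dropped because the bare doi carries the link.},
}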