Conference paper

Towards stateless, client-side driven cross-site request forgery protection for web applications

Document type

Text/Conference Paper

Date

2012

Publisher

Gesellschaft für Informatik e.V.

Abstract

Cross-site request forgery (CSRF) is one of the dominant threats in the Web application landscape. In this paper, we present a lightweight and stateless protection mechanism that can be added to an existing application without requiring changes to the application's code. The key functionality of the approach, which is based on the double-submit technique, is implemented purely on the client side. This way, full coverage of client-side generation of HTTP requests is provided.

Description

Lekies, Sebastian; Tighzert, Walter; Johns, Martin (2012): Towards stateless, client-side driven cross-site request forgery protection for web applications. SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V. PISSN: 1617-5468. ISBN: 978-3-88579-289-5. pp. 111-121. Regular Research Papers. Darmstadt. 7-9 March 2012
