Towards stateless, client-side driven cross-site request forgery protection for web applications
| dc.contributor.author | Lekies, Sebastian | |
| dc.contributor.author | Tighzert, Walter | |
| dc.contributor.author | Johns, Martin | |
| dc.contributor.editor | Suri, Neeraj | |
| dc.contributor.editor | Waidner, Michael | |
| dc.date.accessioned | 2018-11-19T13:11:37Z | |
| dc.date.available | 2018-11-19T13:11:37Z | |
| dc.date.issued | 2012 | |
| dc.description.abstract | Cross-site request forgery (CSRF) is one of the dominant threats in the Web application landscape. In this paper, we present a lightweight and stateless protection mechanism that can be added to an existing application without requiring changes to the application's code. The key functionality of the approach, which is based on the double-submit technique, is purely implemented on the client-side. This way full coverage of client-side generation of HTTP requests is provided. | en |
| dc.identifier.isbn | 978-3-88579-289-5 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/18267 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-195 | |
| dc.title | Towards stateless, client-side driven cross-site request forgery protection for web applications | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 121 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 111 | |
| gi.conference.date | 7.-9. März 2012 | |
| gi.conference.location | Darmstadt | |
| gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1