CSRF Attacks and its Defence using Middleware
Journal: International Journal of Trend in Scientific Research and Development (Vol.5, No. 4)
Publication Date: 2021-06-01
Authors : Shubham Kumar Jha; Raghavendra R
Page : 1085-1088
Keywords : CSRF attack; cross-site request forgery; web security; Internet vulnerability;
Abstract
A common solution to the issue of CSRF vulnerability is to restrict malicious requests from reaching the core of the application, where all the data and business logic reside. The most challenging part is to identify when a request is malicious and when it is healthy. Implementing too simple a solution would lead to more vulnerabilities, and implementing too strict a solution would lead to breakages in projects that depend on cross-site requests, such as third-party authentication and payment gateways. The solution proposed in this paper is the design and implementation of a request filtering mechanism that can precisely distinguish between malicious and healthy requests, and automatically decide whether to restrict them or allow them to proceed deeper into the system. This paper briefly explains what a Cross-Site Request Forgery attack is, and then gives a step-by-step explanation of the prevention of CSRF attacks using a middleware. The proposed system is very strict in filtering out HTTP requests but also has an option to exempt certain cross-site requests based on their domain or URL, with which payment hooks and other third-party authentication calls can be exempted from the CSRF middleware.

Shubham Kumar Jha | Raghavendra R "CSRF Attacks and its Defence using Middleware" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4, June 2021.
URL: https://www.ijtsrd.com/papers/ijtsrd42476.pdf
Paper URL: https://www.ijtsrd.com/computer-science/world-wide-web/42476/csrf-attacks-and-its-defence-using-middleware/shubham-kumar-jha
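
The following WSGI middleware is an added example, not the paper's implementation, showing one way to build the filter the abstract describes: strict on state-changing requests, with exemptions by URL path or by origin. The combination of an origin check with a double-submit token, the `csrf_token` cookie, the `X-CSRF-Token` header and every host and path used with it are assumptions.

```python
# Added example; cookie/header names and the checks chosen are assumptions.
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def origin_of(url):
    """Return 'scheme://host[:port]' of a URL, or None if it has none."""
    try:
        parts = urlsplit(url or "")
    except ValueError:  # malformed header value: treat as no origin
        return None
    return f"{parts.scheme}://{parts.netloc}".lower() if parts.scheme and parts.netloc else None

class CsrfMiddleware:
    """Strict by default; exemptions must be listed explicitly."""
    def __init__(self, app, own_origin, exempt_origins=(), exempt_paths=()):
        self.app = app
        self.own_origin = own_origin.lower()
        self.exempt_origins = {o.lower() for o in exempt_origins}
        self.exempt_paths = tuple(exempt_paths)

    def decide(self, environ):
        if environ["REQUEST_METHOD"].upper() in SAFE_METHODS:
            return True, "safe method"
        path = environ.get("PATH_INFO", "")
        # Match whole path segments so '/hooks/paymentx' is not exempted.
        if any(path == p or path.startswith(p.rstrip("/") + "/") for p in self.exempt_paths):
            return True, "exempt path"
        # Use Origin when present (even 'null'); only then fall back to Referer.
        raw = environ.get("HTTP_ORIGIN") or environ.get("HTTP_REFERER")
        source = origin_of(raw)
        if source in self.exempt_origins:
            return True, "exempt origin"
        if source != self.own_origin:
            return False, "cross-site or missing origin"
        # Double-submit check: the header token must equal the cookie token.
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("csrf_token")
        sent = environ.get("HTTP_X_CSRF_TOKEN", "")
        if cookie is None or not sent or not hmac.compare_digest(cookie.value.encode(), sent.encode()):
            return False, "token mismatch"
        return True, "same origin with valid token"

    def __call__(self, environ, start_response):
        allowed, reason = self.decide(environ)
        if allowed:
            return self.app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [f"CSRF check failed: {reason}\n".encode()]
```

Exempted paths and origins bypass the CSRF check entirely, so those endpoints need their own authentication, such as a signature check on payment webhooks.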
Last modified: 2021-07-13 15:18:44