Document Type: Research Article
Authors
Faculty of Electrical and Computer Engineering, Malek Ashtar University of Technology, Iran.
Abstract
Keywords
Main Subjects