TY  - JOUR
T1  - Overview of cross site request forgery and client-side protection
A1  - Yaakob, Razali
LA  - English
PB  - Technopark Publications
YR  - 2013
UL  - http://discoverylib.upm.edu.my/discovery/Record/oai:psasir.upm.edu.my:30572
AB  - As long as internet and web application are a part of our
lives to let us to live as easy as we moved like: online
market, online bank, online shop and many more, it take
attention of malicious to take an advantage of our easy
life. Lately there are many types of attacks on web
application but so far mostly focused Cross Site Scripting
and SQL injection attacks. However there is less attention
to prevent Cross Site Request. Cross Site Request Forgery
permits malicious to make a request on behalf of user
without his/her knowledge. The attack used the
authentication between the target website and user
through the internet browser. In this paper we would
present how Cross Site Request forgery attack works. In
additional we present our approach to mitigate Cross Site
Request forgery by PCSRF Framework (Prevent Cross
Site Request forgery) on Firefox. We propose client side
protection. We had experimental test of our framework
functionality. From 134 numbers of attacks which
contains Post, Get and other methods, we successfully
managed to prevent over 79% of attack through three
different test sections.
ER  -