White Papers

Robust Defenses for Cross-Site Request Forgery

Overview Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. This paper presents a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of login CSRF vulnerability varies by site, but it can be as severe as a cross-site scripting vulnerability. It detailed three major CSRF defense techniques and find shortcomings with each technique. Its observations do suggest, however, that the header can be used today as a reliable CSRF defense over HTTPS, making it particularly well-suited for defending against login CSRF. It also proposes that browsers implement the Origin header, which provides the security benefits of the Referer header while responding to privacy concerns.

By downloading you agree to our Terms and Conditions. These include information regarding use of your personal data.

Publisher: Association for Computing Machinery
File Format: PDF
Date Published: Jun 30, 2009
Format: White Papers
Topics: Network Security, Security Management

Similiar White Papers

Use these Registry settings to help lock down Windows

This sample chapter, taken from Microsoft Windows Registry Guide, Second Edition discusses how to use the registr

Publisher: TechRepublic | Tags: microsoft windows, network, windows server, windows xp, xp

Anonymous Proxy: A Growing Trend in Internet Abuse

Anonymous proxies are an unseen threat--a student's or employee's backdoor to malicious or productivity-sapping sites on

Publisher: Bloxx | Tags: database, third-generation, trend

Tivoli WebSEAL - Sizing and Capacity Planning

WebSEAL is a component of Tivoli Access Manager for e-business that provides an authentication and authorization mechani

Publisher: IBM | Tags: authentication, network, os, password, server

Balancing Security Against Productivity

What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending atta

Publisher: Novell | Tags: management, security management

A Brief History of Network Security and the Need for Host Based Intrusion Detection

This paper describes the present state of information and network security with specific concentration on Host-based Int

Publisher: Tetrad Digital Integrity (TDI) | Tags: network, network security

Association for Computing Machinery White Papers

Featured white papers

The Value of Location Intelligence in the Communications Industry

Pitney Bowes

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities...

Download now »
Best Practices for Translating Customer Satisfaction into Revenue

Citrix Online

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language...

Download now »
HP print solutions and 3M

Hewlett-Packard (HP)

The objective for 3M was to optimize office printing infrastructure at 3M locations worldwide, reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print solutions...

Download now »