Preventing Image Based Cross Site Request Forgery Attacks


Executive Summary

Cross Site Request Forgery (CSRF) is an attack on web applications that exploits the trust a site places in its authenticated users. The attack allows a partially compromised site to make arbitrary HTTP requests on behalf of a victim user who is currently logged in to a site. Currently, only a few defensive mechanisms are available to prevent this attack, such as secret validation tokens, the Referer header, custom HTTP headers and the Origin header. This paper presents a client-side proxy solution that detects and prevents CSRF attacks that use the IMG element or other HTML elements used to load graphic images for the web page.

  • Format: PDF
  • Size: 148.1 KB