Review of "Robust defenses for cross-site request forgery" by A. Barth, C. Jackson, J. Mitchell

Zheng Gong

Review of "Robust defenses for cross-site request forgery" by A. Barth, C. Jackson, J. Mitchell

Zheng Gong

Research output: Contribution to journal › Book/Film/Article review › Academic

Abstract

Cross-site attacks are widely used to exploit Web site vulnerability. Barth, Jackson, and Mitchell present in this paper a detailed description of cross-site request forgery (CSRF), a specific kind of cross-site attack. CSRF allows the attacker to forge a valid request to a Web site by redirecting the user. The authors also discuss the existing defenses against CSRF and suggest “modifying browsers to send an origin header with POST requests that identifies the [source] that initiated the request.“ The paper is well written and the references are up to date. The paper should be valuable to professionals in the Internet security area.

Original language	Undefined
Pages (from-to)	CR137694
Journal	Computing reviews
Publication status	Published - 4 Feb 2010

Keywords

EWI-17433
METIS-270730
SCS-Cybersecurity
CR-D.4.6

Access to Document

http://www.computingreviews.com/review/Review_review.cfm?review_id=137694

Cite this

@article{c6d14110c65d409dae1fa07d6032d026,

title = "Review of {"}Robust defenses for cross-site request forgery{"} by A. Barth, C. Jackson, J. Mitchell",

abstract = "Cross-site attacks are widely used to exploit Web site vulnerability. Barth, Jackson, and Mitchell present in this paper a detailed description of cross-site request forgery (CSRF), a specific kind of cross-site attack. CSRF allows the attacker to forge a valid request to a Web site by redirecting the user. The authors also discuss the existing defenses against CSRF and suggest “modifying browsers to send an origin header with POST requests that identifies the [source] that initiated the request.“ The paper is well written and the references are up to date. The paper should be valuable to professionals in the Internet security area.",

keywords = "EWI-17433, METIS-270730, SCS-Cybersecurity, CR-D.4.6",

author = "Zheng Gong",

year = "2010",

month = feb,

day = "4",

language = "Undefined",

pages = "CR137694",

journal = "Computing reviews",

issn = "0010-4884",

publisher = "Association for Computing Machinery",

}

TY - JOUR

T1 - Review of "Robust defenses for cross-site request forgery" by A. Barth, C. Jackson, J. Mitchell

AU - Gong, Zheng

PY - 2010/2/4

Y1 - 2010/2/4

N2 - Cross-site attacks are widely used to exploit Web site vulnerability. Barth, Jackson, and Mitchell present in this paper a detailed description of cross-site request forgery (CSRF), a specific kind of cross-site attack. CSRF allows the attacker to forge a valid request to a Web site by redirecting the user. The authors also discuss the existing defenses against CSRF and suggest “modifying browsers to send an origin header with POST requests that identifies the [source] that initiated the request.“ The paper is well written and the references are up to date. The paper should be valuable to professionals in the Internet security area.

AB - Cross-site attacks are widely used to exploit Web site vulnerability. Barth, Jackson, and Mitchell present in this paper a detailed description of cross-site request forgery (CSRF), a specific kind of cross-site attack. CSRF allows the attacker to forge a valid request to a Web site by redirecting the user. The authors also discuss the existing defenses against CSRF and suggest “modifying browsers to send an origin header with POST requests that identifies the [source] that initiated the request.“ The paper is well written and the references are up to date. The paper should be valuable to professionals in the Internet security area.

KW - EWI-17433

KW - METIS-270730

KW - SCS-Cybersecurity

KW - CR-D.4.6

M3 - Book/Film/Article review

SN - 0010-4884

SP - CR137694

JO - Computing reviews

JF - Computing reviews

ER -