Cross-site attacks are widely used to exploit Web site vulnerability. Barth, Jackson, and Mitchell present in this paper a detailed description of cross-site request forgery (CSRF), a specific kind of cross-site attack. CSRF allows the attacker to forge a valid request to a Web site by redirecting the user. The authors also discuss the existing defenses against CSRF and suggest “modifying browsers to send an origin header with POST requests that identifies the [source] that initiated the request.“ The paper is well written and the references are up to date. The paper should be valuable to professionals in the Internet security area.
|Publication status||Published - 4 Feb 2010|