A report on CSRF security challenges &amp; prevention techniques

Yadav, Pratibha; Parekh, Chandresh

doi:10.1109/iciiecs.2017.8275852

Cited by 6 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Web uygulamasına giden isteklerin nasıl ve hangi kaynaktan gönderildiği kontrol edilmeyen sistemlerde meydana gelir. Saldırganlar, sosyal mühendislik teknikleriyle de CSRF saldırısı gerçekleştirilebilir [28]. Başarılı bir CSRF saldırısı sonucunda kullanıcının bilgilerini değiştirme, banka hesabından para transferi, uygulamaya yönetici ekleme gibi işlemler gerçekleştirilebilir.…”

Section: Siteler Arası İstek Sahteciliğiunclassified

Yazılım Güvenlik Açıklarının Evrişimsel Sinir Ağları (CNN) ile Sınıflandırılması

ÖZDEMİR

Türkoğlu

2022

Fırat Üniversitesi Mühendislik Bilimleri Dergisi

View full text Add to dashboard Cite

The technical applications that will ensure that the software system continues to work correctly against malicious attacks is called software security. Weaknesses and flaws in the software system that cause the risk of being hacked are defined as software vulnerability. Software vulnerabilities can cause serious damage by compromising the confidentiality, integrity, usability and accessibility of a software. If software vulnerabilities are detected at an early stage and managed effectively, the risk of system attack and damage can be reduced. Artificial intelligence-based methods have been used in recent years to automatically manage software security vulnerabilities. In this study, a deep learning-based automatic classification method has been proposed to help identify and manage the categories of security vulnerabilities. The developed method is built on the convolutional neural network (CNN) model, which is one of the deep neural network models. The National Vulnerability Database (NVD) was used to measure the performance of the proposed model. The CNN model used in the study has been shown to provide high performance in automatic classification of software security vulnerabilities.

show abstract

Section: Siteler Arası İstek Sahteciliğiunclassified

Yazılım Güvenlik Açıklarının Evrişimsel Sinir Ağları (CNN) ile Sınıflandırılması

ÖZDEMİR

Türkoğlu

2022

Fırat Üniversitesi Mühendislik Bilimleri Dergisi

View full text Add to dashboard Cite

show abstract

“…In this paper, the authors discuss websites with improper input validation. Improper input validation is responsible for various types of web application-based attacks such as Cross Site Request Forgery (CSRF) [29], Cross Site Scripting (XSS) [30], Structured Query Language (SQLi) [31], [37] Local File Inclusion [32], [33], Broken Authentications [34], Session Management [35], and Local File Discloser [36]. The authors test SQLi-based attacks to measure the severity of improper input validation of some targeted websites.…”

Section: Introductionmentioning

confidence: 99%

A Study of Ajax Template Injection in Web Applications

Noyon¹,

Abid²,

Hassan³

et al. 2018

IJET

View full text Add to dashboard Cite

Cyber-attacks are becoming increasingly frequent, causing a lot of damage. Cyber-attacks have crippled our economic infrastructure both directly and indirectly. Attackers steal our valuable data by compromising web application security loopholes. Developers can prevent cyber-attacks using latest web technologies. Since web technologies are becoming more secure, cyber attackers are getting more incursive to find out the zero day vulnerability of the targeted system to breach the security. Nowadays most damaging attacks are done using zero-day vulnerability. An Ajax template injection is such an attack: An unauthenticated attacker dumps database table credentials by intercepting server response. Owing to the damage caused by an Ajax template injection, it can be counted among the OWASP top ten web application vulnerabilities in the near future. This paper discusses the idea of an Ajax template injection and its impact on Ajaxbased web applications. This paper also provides statistical data about the percentage of Ajax-based web application vulnerabilities in Bangladesh.

show abstract