
A Client-Based and Server-Enhanced Defense Mechanism for Cross-Site Request Forgery






Presentation Transcript


Luyi Xing, GUCAS, China

Server:
Observation: Almost every POST target URL needs only a small number of different intended source URLs, and the same holds for GET. The server can therefore publish, per target URL, the short list of same-domain and cross-domain source URLs that are intended to send requests to it.

Client:
POST: {
  Dest1: /profile.php
    Same domain1: /update.php
    Cross domain1: trust.com/change.asp
  Dest2: /blog.php
    Same domain2: subdomain1.sns.com/*
    Cross domain2: none
}

GET: {
  Dest1: /transfer.php
    Same domain1: /account.php
    Cross domain1: trust.com/out_transfer.asp
  Dest2: /logout.php
    Same domain2: subdomain1.bank.com/*
    Cross domain2: none
}

Definition: The Super-Referer of a request is made up of its Referer and the URLs of all of the Referer's ancestor frames, each with its query part (the query string) removed. Checking the whole frame chain, not just the Referer, is what lets the client catch a request issued from a trusted page that an attacker has framed.
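The following is an added example, not code from the paper or its authors, showing how a client could enforce the per-destination policy above against a request's Super-Referer. The policy object shape, the pattern syntax ("/path" for a same-domain page, "host/path" or "host/*" for a cross-domain or sub-domain source), the rule that every URL in the Super-Referer must match an intended source, the treatment of a missing Referer as a denial, and the fall-through for destinations the policy does not list are all assumptions made for this example; the paper may define each of them differently. The two policies mirror the slide's POST entries (sns.com) and GET entries (bank.com).

```javascript
// Added example (not the paper's code): client-side Super-Referer check
// against a server-published intended-source policy.
// Policy shape and pattern syntax are assumptions for this example.

// Policies constructed from the slide, keyed by the target site's domain.
const POLICIES = {
  'sns.com': {
    POST: {
      '/profile.php': { same: ['/update.php'], cross: ['trust.com/change.asp'] },
      '/blog.php':    { same: ['subdomain1.sns.com/*'], cross: [] },
    },
  },
  'bank.com': {
    GET: {
      '/transfer.php': { same: ['/account.php'], cross: ['trust.com/out_transfer.asp'] },
      '/logout.php':   { same: ['subdomain1.bank.com/*'], cross: [] },
    },
  },
};

// Simplification: the "site" is the last two labels of the host name
// (no public-suffix handling), so subdomain1.sns.com belongs to sns.com.
function registrableDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// "Excluding the query part": keep only host and path of a URL.
function normalize(urlString) {
  const u = new URL(urlString);
  return { host: u.hostname.toLowerCase(), path: u.pathname || '/' };
}

// Super-Referer = Referer plus every ancestor frame URL, all stripped of query
// and fragment. A missing Referer simply contributes nothing.
function superReferer(referer, ancestorFrameUrls) {
  const urls = referer ? [referer] : [];
  return urls.concat(ancestorFrameUrls).map(normalize);
}

// Pattern forms assumed here:
//   "/update.php"            same-domain page on the target host itself
//   "trust.com/change.asp"   exact page on another host
//   "subdomain1.sns.com/*"   any path on that host
function patternMatches(pattern, src, targetHost) {
  let host, path;
  if (pattern.startsWith('/')) {
    host = targetHost;
    path = pattern;
  } else {
    const slash = pattern.indexOf('/');
    host = slash === -1 ? pattern : pattern.slice(0, slash);
    path = slash === -1 ? '/*' : pattern.slice(slash);
  }
  if (src.host !== host.toLowerCase()) return false;
  if (path.endsWith('/*')) return src.path.startsWith(path.slice(0, -1));
  return src.path === path;
}

// Decide whether the request may be sent. Rules (assumptions):
//  - destination not in the policy: the policy is silent, allow;
//  - destination in the policy but no Referer/ancestors: deny, the source
//    cannot be shown to be intended;
//  - otherwise every URL in the Super-Referer must match some intended source,
//    so an attacker page framing a trusted page does not pass.
function isAllowed(method, targetUrl, referer, ancestorFrameUrls = []) {
  const target = new URL(targetUrl);
  const site = POLICIES[registrableDomain(target.hostname)];
  const rules = site && site[method] && site[method][target.pathname];
  if (!rules) return true;
  const sources = superReferer(referer, ancestorFrameUrls);
  if (sources.length === 0) return false;
  const patterns = rules.same.concat(rules.cross);
  return sources.every(s => patterns.some(p => patternMatches(p, s, target.hostname)));
}

// Usage: a forged POST from an attacker's page versus an intended one.
console.log(isAllowed('POST', 'https://sns.com/profile.php', 'https://evil.example/csrf.html')); // false
console.log(isAllowed('POST', 'https://sns.com/profile.php', 'https://sns.com/update.php?tab=1'));  // true
```

The check deliberately looks at every ancestor frame: a request whose Referer is sns.com/update.php but whose top frame is an attacker's page is rejected, which a plain Referer check would accept.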
