Title :
Threat Modeling for CSRF Attacks
Author :
Lin, Xiaoli ; Zavarsky, Pavol ; Ruhl, Ron ; Lindskog, Dale
Author_Institution :
Dept. of Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
Abstract :
Cross-site request forgery (CSRF) vulnerability is extremely widespread and one of the top ten Web application vulnerabilities of the Open Web Application Security Project (OWASP). In this paper, we explore the CSRF vulnerabilities, illustrate the real-world CSRF attack, and present novel CSRF attack tree models. The threat models provide for exploring, understanding, and validating security protection features in realistic Web application scenarios.
Keywords :
Internet; computer crime; fraud; CSRF attack tree model; Open Web Application Security Project; Web application vulnerability; cross-site request forgery; security protection; threat modeling; Conference management; Educational institutions; Engineering management; Forgery; Information management; Information security; Management information systems; Project management; Protection; Web server; Cross-Site Request Forgery; OWASP; attack tree; threat model;
Conference_Title :
Computational Science and Engineering, 2009. CSE '09. International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-5334-4
Electronic_ISBN :
978-0-7695-3823-5
DOI :
10.1109/CSE.2009.372