Research on developing a lab environment for cross site request forgery: Attack and defense education in higher vocational colleges

Cross Site Request Forgery (CSRF) is among the most exploited Web security vulnerabilities. Yet it has received comparatively less attention. It´s a must for Web site administrators to protect their Web sites from CSRF attacks. In order to let the students master the attack and defense skills of CSRF, it´s essential to let them have the opportunity to truly practice the attacks as hackers do, and to practice the defenses as web site administrators do. Yet we haven´t seen much research done in the area of developing lab environments to facilitate CSRF education in higher vocational colleges. In this paper, we have shown how teachers in higher vocational colleges can develop a simple lab environment for CSRF attack and defense education. We believe that the developed lab environment will facilitate the education of CSRF attack and defense. And we suggest that a lot more researches need to be done in the area of developments of attack and defense lab environments to improve the outcomes of network security education in higher vocational colleges.