Title: Cross-Site Request Forgery Attacks and Preventions
Authors: Muhammad Sajjad, Aasir Mehmood, Dr. Muhammad Saifullah, Junaid Iqbal Baig
Journal: Journal of Computers and Intelligent Systems (JCIS)
Year: 2024
Volume: 2
Issue: 2
Language: en
CSRF stands for Cross-Site Request Forgery, one of the top web vulnerabilities, in which the attacker maliciously exploits a website using victims’ credentials and sends unauthorized actions/calls to a trusted web application. In a cross-site request forgery, the attacker sends a malicious forged link to the user. When the user clicks it, the forged request is sent on the user's behalf, which results in data leakage. To date, numerous defense mechanisms (on both the client and server sides) have been proposed in response to increasing attacks and leakage of personal data. Such mechanisms include HTTP header, validation of random tokens, hybrid-model HTTP and content analysis, client-server proxy, and so on. However, even today, such attacks exist and occur. This report analyzes various existing defense mechanisms and models, critically assesses each of them, and addresses the voids in each. It also describes how combining two mechanisms helps overcome the flaws.