This work proposes a novel intrusion prevention technique that leverages information located in the browser to mitigate client-side web attacks such as login cross-site request forgery and session hijacking. The browser intrusion prevention system enforces a new fine-grained policy, complementing the same-origin policy, that restricts interaction between authenticated and unauthenticated regions of a page or its associated stored data objects. The system monitors page interactions that occur through script processing or URL fetches. The outcome of this technique is a system that can prevent attacks that are perpetrated by exploiting a user's browser into making malicious requests.