Building secure software: how to avoid security problems the right way
Building secure software: how to avoid security problems the right way
Computer
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
Telling humans and computers apart automatically
Communications of the ACM - Information cities
PRO-COW: Protocol compliance on the web-a longitudinal study
USITS'01 Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems - Volume 3
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Hi-index | 0.00 |
The goal of a web-request forgery attacker is to manipulate the intended workflow of a web application. Applications that fail to enforce the designer-intended interactions are vulnerable to this type of attack. This paper proposes a systematic methodology for designing web applications to strictly enforce the designer-intended interactions. Our approach captures workflow using the Web DFA model and applies four design patterns to strictly enforce the intended interactions. We argue that using patterns in conjunction with a Web DFA model produces web applications that are secure from request forgery attacks by construction; more-over, our mechanism could be useful in designing workflow-based applications in other domains.