A common solution to the issue of CSRF vulnerability is to restrict malicious requests from reaching the core of the application, where all the data and business logic is present. But the most challenging part is to identify when a request is malicious and when is it healthy. Implementing a simple solution would lead to more vulnerabilities and implementing too strict a solution would lead to breakages where projects depend on cross site requests like third party authentication and payment gateways etc. The solution being proposed in this paper constitutes the design and implementation of a request filtering mechanism that can precisely distinguish between malicious and healthy requests, and automatically decide to restrict them or allow them to get further deep into the system. This paper briefly explains what a Cross Site Request Forgery attack is, and then goes into a step by step explanation on the prevention of CSRF attacks using a middleware. The proposed system is very strict in filtering out HTTP requests but also has an option to exempt certain cross site requests based on their domain or URL, with which payment hooks and other third party authentication calls can be exempted from the CSRF middleware.
by Shubham Kumar Jha | Raghavendra R "CSRF Attacks and its Defence using Middleware"
Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021,
No comments:
Post a Comment