Large-Scale Analysis & Detection of Authentication Cross-Site Request Forgeries

“…This can be used for instance to steal confidential information that will be sent to Eve's account instead of Alice's account. We will not consider protection against login CSRF in this paper; we refer the interested reader to [34] for some recent results on the topic.…”

“…For example, if a website defends against CSRF through the use of an unpredictable user identifier, then Alice's requests will be rejected in Bob's session. The use of two test accounts for CSRF detection has already been advocated in previous work [34] and is part of traditional manual testing strategies. 10 After installing Mitch in her browser, the security tester first navigates the website as Alice: for every HTTP request detected as sensitive, Mitch stores the content of the corresponding HTTP response.…”

“…CSRF-checker [34] is a black-box detection tool for a class of CSRF vulnerabilities, called authentication CSRF, which affect web authentication and identity management. This class of CSRF vulnerabilities enables login CSRF attacks [2], which authenticate the victim as the attacker, as well as attacks which allow the attacker to take control of the victim's account.…”

“…Robust defenses against CSRF are well-known [2], but still a significant number of modern web applications was shown to be vulnerable to this class of attacks [28], [34]. The main challenge to face when implementing protection against CSRF is that one has to strike a delicate balance between security and usability.…”

Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities

“…This can be used for instance to steal confidential information that will be sent to Eve's account instead of Alice's account. We will not consider protection against login CSRF in this paper; we refer the interested reader to [34] for some recent results on the topic.…”

“…For example, if a website defends against CSRF through the use of an unpredictable user identifier, then Alice's requests will be rejected in Bob's session. The use of two test accounts for CSRF detection has already been advocated in previous work [34] and is part of traditional manual testing strategies. 10 After installing Mitch in her browser, the security tester first navigates the website as Alice: for every HTTP request detected as sensitive, Mitch stores the content of the corresponding HTTP response.…”

“…CSRF-checker [34] is a black-box detection tool for a class of CSRF vulnerabilities, called authentication CSRF, which affect web authentication and identity management. This class of CSRF vulnerabilities enables login CSRF attacks [2], which authenticate the victim as the attacker, as well as attacks which allow the attacker to take control of the victim's account.…”

“…Robust defenses against CSRF are well-known [2], but still a significant number of modern web applications was shown to be vulnerable to this class of attacks [28], [34]. The main challenge to face when implementing protection against CSRF is that one has to strike a delicate balance between security and usability.…”

Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities

“…Since its discovery in 2001 [36], CSRF vulnerabilities have been continuosly ranked as one of the top three security risks for web applications, along with cross-site scripting (XSS) and SQL injection (SQLi) [6,11,31]. Successful CSRF exploitations can result in illicit money transfers [43], user account takeover [38], or remote server-side command execution [19], to name only a few publicly documented cases. In the past, similar vulnerabilities have been discovered in many popular websites including Gmail [34], Netix [12], ING Direct [43], and, more recently, in Google, Skype, and Ali Express websites [38].…”

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs

Performance Impact of Misbehaving Voters