Strengthening XSRF Defenses for Legacy Web Applications Using Whitebox Analysis and Transformation

Authors

  • Michelle Zhou
  • Prithvi Bisht
  • V. N. Venkatakrishnan
Abstract

Cross Site Request Forgery (XSRF) is regarded as one of the major threats on the Web. In this paper, we propose an approach that automatically retrofits the source code of legacy web applications with a widely-used defense approach for this attack. Our approach addresses a number of shortcomings in prior blackbox solutions for automatic XSRF protection. Our approach has been implemented in a tool called X-PROTECT that was used to retrofit several commercial Java-based web applications. Our experimental results demonstrate that the X-PROTECT approach is both effective and efficient in practice.

Similar resources

A Framework for Migrating Web Applications to Web Services

In this paper, we present a framework for semi-automatically migrating monolithic legacy web applications to service oriented architecture (SOA) by separating potentially reusable features as web services. Software design recovery and source transformation techniques are used to automatically analyze and reprogram web application code to migrate existing web-based systems to support inter-busin...

Cross Site Request Forgery on Android WebView

Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display a remote webpage or can also load static HTML data. This encompasses the functionality of a browser that can be integrated to application. WebView provides ...

Automatically Preparing Safe SQL Queries

We present the first sound program source transformation approach for automatically transforming the code of a legacy web application to employ PREPARE statements in place of unsafe SQL queries. Our approach therefore opens the way for eradicating the SQL injection threat vector from legacy web applications.

Analysis of Software Countermeasures for Whitebox Encryption

Whitebox cryptography aims to ensure the security of cryptographic algorithms in the whitebox model where the adversary has full access to the execution environment. To attain security in this setting is a challenging problem: Indeed, all published whitebox implementations of standard symmetric-key algorithms such as AES to date have been practically broken. However, as far as we know, no white...

Modeling Interactions between Web Applications and Third Party Systems

Web-based applications are no longer isolated systems. Now they need to interoperate with external service providers and legacy systems, which are available in a wide range of different platforms, and may follow disparate communication mechanisms. Modeling the interactions between these systems is not simple, and needs to be properly addressed within any model-driven development scenario. Many ...

Publication date: 2010