Proceedings of the Institute for System Programming of the RAS
Proceedings of the Institute for System Programming of the RAS, 2017, Volume 29, Issue 5, Pages 7–18
DOI: https://doi.org/10.15514/ISPRAS-2017-29(5)-1
(Mi tisp255)
 

This article is cited in 1 scientific paper (total in 1 paper)

The study into cross-site request forgery attacks within the framework of analysis of software vulnerabilities

A. V. Barabanov (a), A. I. Lavrov (a), A. S. Markov (b), I. A. Polotnyanschikov (a), V. L. Tsirlov (b)

a NPO Echelon
b Bauman MSTU
Abstract: Web applications are now one of the most common types of target of evaluation in information security certification. Studying web application vulnerabilities during certification is relevant for two reasons. On the one hand, web technologies are actively used in building modern information systems, including systems that are critical from an information security point of view. On the other hand, carrying out basic attacks on such systems does not require high technical competence from the attacker: information on typical vulnerabilities and attacks, including attack tools, is widely available in public sources, and the systems themselves are usually reachable from public communication networks. The paper presents the results of a study of how well web applications that are targets of evaluation in certification against information security requirements are protected against cross-site request forgery attacks. It systematizes and generalizes information about cross-site request forgery attacks and the security controls used by web application developers. It also presents the results of experimental studies of 10 web applications that have passed certification tests against information security requirements. These experiments showed that most developers do not pay enough attention to protection from cross-site request forgery: 7 out of 10 web applications tested were vulnerable to this type of attack. From the experimental results, the distribution of security controls used in web applications and of identified vulnerabilities by programming language was obtained. Recommendations on protecting web applications against cross-site request forgery attacks are formulated for developers planning to certify their software.
Keywords: information security, software security, analysis of vulnerabilities, web-application, CSRF-attack.
Document Type: Article
Language: English
Citation: A. V. Barabanov, A. I. Lavrov, A. S. Markov, I. A. Polotnyanschikov, V. L. Tsirlov, “The study into cross-site request forgery attacks within the framework of analysis of software vulnerabilities”, Proceedings of ISP RAS, 29:5 (2017), 7–18
Citation in format AMSBIB
\Bibitem{BarLavMar17}
\by A.~V.~Barabanov, A.~I.~Lavrov, A.~S.~Markov, I.~A.~Polotnyanschikov, V.~L.~Tsirlov
\paper The study into cross-site request forgery attacks within the framework of analysis of software vulnerabilities
\jour Proceedings of ISP RAS
\yr 2017
\vol 29
\issue 5
\pages 7--18
\mathnet{http://mi.mathnet.ru/tisp255}
\crossref{https://doi.org/10.15514/ISPRAS-2017-29(5)-1}
\elib{https://elibrary.ru/item.asp?id=30754461}
Linking options:
  • https://www.mathnet.ru/eng/tisp255
  • https://www.mathnet.ru/eng/tisp/v29/i5/p7