Proceedings of the Institute for System Programming of the RAS
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Proceedings of the Institute for System Programming of the RAS, 2017, Volume 29, Issue 5, Pages 7–18
DOI: https://doi.org/10.15514/ISPRAS-2017-29(5)-1
(Mi tisp255)
 

This article is cited in 1 scientific paper (total in 1 paper)

The study into cross-site request forgery attacks within the framework of analysis of software vulnerabilities

A. V. Barabanova, A. I. Lavrova, A. S. Markovb, I. A. Polotnyanschikova, V. L. Tsirlovb

a NPO Echelon
b Bauman MSTU
Full-text PDF (397 kB) Citations (1)
References:
Abstract: Nowadays, web applications are one of the most popular types of target of evaluation within the framework of the information security certification. The relevance of the study of web applications vulnerabilities during information security certification is due to the fact that web technologies are actively used while producing modern information systems, including information systems critical from the information security point of view, and on the other hand carrying out basic attacks on such information systems do not require violators of high technical competence, since data on typical vulnerabilities and attacks, including the attacking tools are heavily represented in publicly available sources of information, and the information systems themselves are usually available from public communication networks. The paper presents the results of a study of the security of web applications that are target of evaluation within the framework of certification for information security requirements against cross-site requests forgery attacks. The results of systematization and generalization of information about the cross-site requests forgery attacks and security controls used by web application developers are presented. The results of experimental studies of 10 web applications that have passed certification tests against information security requirements are presented. The results of experimental studies have shown that most developers do not pay enough attention to protection from cross-site request forgery attack - 7 out of 10 web applications tested have been vulnerable to this type of attack. Based on the results of processing the results of experimental studies, the distribution of security controls used in web applications and identified vulnerabilities by programming languages were obtained. Recommendations regarding the protection of web applications against cross-site request forgery attack for developers planning to certify their software are formulated.
Keywords: information security, software security, analysis of vulnerabilities, web-application, CSRF-attack.
Bibliographic databases:
Document Type: Article
Language: English
Citation: A. V. Barabanov, A. I. Lavrov, A. S. Markov, I. A. Polotnyanschikov, V. L. Tsirlov, “The study into cross-site request forgery attacks within the framework of analysis of software vulnerabilities”, Proceedings of ISP RAS, 29:5 (2017), 7–18
Citation in format AMSBIB
\Bibitem{BarLavMar17}
\by A.~V.~Barabanov, A.~I.~Lavrov, A.~S.~Markov, I.~A.~Polotnyanschikov, V.~L.~Tsirlov
\paper The study into cross-site request forgery attacks within the framework of analysis of software vulnerabilities
\jour Proceedings of ISP RAS
\yr 2017
\vol 29
\issue 5
\pages 7--18
\mathnet{http://mi.mathnet.ru/tisp255}
\crossref{https://doi.org/10.15514/ISPRAS-2017-29(5)-1}
\elib{https://elibrary.ru/item.asp?id=30754461}
Linking options:
  • https://www.mathnet.ru/eng/tisp255
  • https://www.mathnet.ru/eng/tisp/v29/i5/p7
  • This publication is cited in the following 1 articles:
    Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Proceedings of the Institute for System Programming of the RAS
    Statistics & downloads:
    Abstract page:141
    Full-text PDF :59
    References:28
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024