2009 International Conference on Computational Science and Engineering (2009)
Aug. 29, 2009 to Aug. 31, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSE.2009.372
Cross-Site Request Forgery (CSRF) vulnerability is extremely widespread and one of the top ten Web application vulnerabilities of the Open Web Application Security Project (OWASP). In this paper, we explore the CSRF vulnerabilities, illustrate the real-world CSRF attack, and present novel CSRF attack tree models. The threat models provide for exploring, understanding, and validating security protection features in realistic web application scenarios.
OWASP, Cross-Site Request Forgery, threat model, attack tree
R. Ruhl, P. Zavarsky, X. Lin and D. Lindskog, "Threat Modeling for CSRF Attacks," 2009 International Conference on Computational Science and Engineering(CSE), Vancouver, Canada, 2009, pp. 486-491.