[1] Robert Auger. "The Cross-Site Request Forgery (CSRF/XSRF) FAQ." http://www.cgisecurity.com/articles/csrf-faq.shtml, 2005.
[2] J. Burns. "Cross Site Reference Forgery: An Introduction to a Common Web Application Weakness." Information Security Partners, LLC, 2005.
[3] Dieter Gollmann. "Securing Web Applications." Hamburg University of Technology, Hamburg 21071, Germany, 2008.
[4] Renaud Feil and Louis Nyffenegger. "Evolution of Cross Site Request Forgery Attacks." Proceedings of the Second IEEE Conference on Security and Communication, 2007.
[5] Martin Johns. "On XSRF and Why You Should Care." Talk at the PacSec 2006 Conference, 2006.
[6] M. Johns and J. Winter. "RequestRodeo: Client Side Protection against Session Riding." Proceedings of the OWASP Europe 2006 Conference, Report CW448, 2006, pp. 5–17. http://www.informatik.uni-hamburg.de/SVS/personnel/martin/psj06johns-e.pdf.
[7] Nenad Jovanovic, Engin Kirda, and Christopher Kruegel. "Preventing Cross Site Request Forgery Attacks." Proceedings of the Second IEEE Conference on Security and Privacy in Communications Networks (SecureComm), 2006.
[8] Chris K. Karlof, Umesh Shankar, Doug Tygar, and David Wagner. "Locked Cookies: Web Authentication Security against Phishing, Pharming, and Active Attacks." Technical Report No. UCB/EECS-2007-25, 2007.
[9] Mehran Nadjarbashi-Noghani and Ali A. Ghorbani. "Improving the Referrer-Based Web Log Session Reconstruction." IEEE Proceedings of the Second Annual Conference on Communication Networks and Services Research, 2004.
[10] Jesse Ruderman. "The Same Origin Policy." http://www.mozilla.org/projects/security/components/same-origin.html, 2001.
[11] Thomas Schreiber. "Session Riding: A Widespread Vulnerability in Web Applications." Whitepaper, SecureNet GmbH, http://www.securenet.de/papers/SessionRiding.pdf, 2005.
[12] Dinh Nguyen Tran, Wei Tsang Ooi, and Y.C. Tay. "SAX: A Tool for Studying Congestion-induced Surfer Behavior." National University of Singapore, 2006.
[13] "GMail CSRF/XSRF (Cross Site Request Forgery) Flaw Fixed." http://www.oreillynet.com/xml/blog/2007/01/gmail_exploit_contact_list_hij.html, 2007.
[14] "OWASP Top 10 2007." http://www.owasp.org/index.php/Top_10_2007, 2007.
[15] "PHP Manual." http://www.php.net/manual/en.
[16] RFC 2616, Section 15, "Security Considerations." http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html, 1999.