|
[1] A. AlAmeen, “Building a Robust Client-Side Protection Against Cross Site Request Forgery,” International Journal of Advanced Computer Science and Applications, pp. 64-70, 2015.
[2] A. Barth, C. Jackson and J. C. Mitchell, “Robust defenses for cross-site request forgery,” 15th ACM conference on Computer and communications security, pp. 75-88, 2008.
[3] P. Bhaumik and S. Thota, “Preventing Login Cross-Site Request Forgery Attacks using preSessions,” Department of Computer Science, University of California Davis, pp. 1-9, 2010.
[4] A. Czeskis, A. Moshchuk, T.Kohno and H. J. Wang, “Lightweight server support for browser-based csrf protection,” 22nd international conference on World Wide Web, pp. 273-284, 2013.
[5] W. Maes, T. Heyman, L. Desmet and W. Joosen, “Browser protection against cross-site request forgery,”ACM workshop on Secure execution of untrusted code, pp. 3-10, 2009.
[6] D. P. Ryck, L. Desmet, W. Joosen and F. Piessens, “Automatic and precise client-side protection against CSRF attacks,” Computer Security–ESORICS, Springer Berlin Heidelberg, pp. 100-116, 2011.
[7] T. Schreiber, “Session riding: A widespread vulnerability in today’s web applications,” Whitepaper, SecureNet GmbH, pp. 1-16, 2004.
[8] Y. C. Sung, M. C. Y. Cho , C. W. Wang, C. W. Hsu and S. W. Shieh, “Light-weight CSRF protection by labeling user-created contents,” IEEE 7th International Conference on Software Security and Reliability, pp. 60-69, 2013.
[9] J. Williams and D. Wichers, “OWASP top 10–2010,” OWASP Foundation, 2010.
[10] D. Wichers, “OWASP Top-10 2013,” OWASP Foundation, 2013.
[11] W. Zeller and E. W. Felten, “Cross-site request forgeries: Exploitation and prevention,” Technical report, pp. 1-13, 2008.
[12] Alexa, “Browse top sites,” Available: http://www.alexa.com/topsites 2016
[13] Chrome, “What are extensions?” Available: https://developer.chrome.com/extensions
[14] DVWA, “Damn Vulnerable Web Application(DVWA) ,” Available: http://www.dvwa.co.uk/
[15] Exploit Database, “Exploit Database,” Available: https://www.exploit-db.com/
[16] B. Prabakaran, G. Athisenbagam and K. T. Ganesh, “Identifying Robust Defenses for Login CSRF,” Technical report, Available: https://www.cs.uic.edu/~bprabaka/LoginCSRF.pdf
[17] XAMPP, “XAMPP,” Available: https://www.apachefriends.org/zh_tw/index.html
|