Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack
With the advancement ment of ICT technology, especially on web technologies, people have changes their way of doing this. Online transactions have become more popular compared to physically going at the specific location to do transactions. However, the advancement of web technology has also...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2015
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/50428/1/FSKTM%202015%2039%20IR.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-upm-ir.50428 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-upm-ir.504282019-01-29T08:30:09Z Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack 2015-07 Mustafa, Mohd Nawawi With the advancement ment of ICT technology, especially on web technologies, people have changes their way of doing this. Online transactions have become more popular compared to physically going at the specific location to do transactions. However, the advancement of web technology has also introduced new security threats to the businesses and the clients. OWASP Top 10 security project has classifies web application security incident into ten categories of most commonly exploited vulnerabilities. Eventhough the countermeasures for those vulnerabilities have been available for some time, the numbers of exploited web applications are increasing each year. One of the factors that contributes to the increasing number of ICT security incidents is failure to determine the root cause of an incident, thus allowing the attacker to repeat an attack on the system in the future by exploiting the same vulnerability. This study will propose a model for post-incident root cause analysis to determine the suitable countermeasures in rectifying the Cross Site Request Forgery (CSRF) vulnerabilities. The proposed model were consists of attacker component, countermeasure component and inference component. The proposed model will be developed using Colored Petri Nets. CSRF attack simulation was performed using Damn Vulnerable Web Application (DVWA) as the target machine and tested based on recommendations by the previous researchers. To test the effectiveness of the developed model, the result of the CSRF attack simulations were compared with results by other researchers in the same category. Hopefully, the proposed post-incident root cause analysis will benefit web application developers, security auditors and other related parties to identify and fix CSRF vulnerabilities on their web applications. Web applications - Security measures Root cause analysis Computer networks - Security measures 2015-07 Thesis http://psasir.upm.edu.my/id/eprint/50428/ http://psasir.upm.edu.my/id/eprint/50428/1/FSKTM%202015%2039%20IR.pdf text en public masters Universiti Putra Malaysia Web applications - Security measures Root cause analysis Computer networks - Security measures |
| institution |
Universiti Putra Malaysia |
| collection |
PSAS Institutional Repository |
| language |
English |
| topic |
Web applications - Security measures Root cause analysis Computer networks - Security measures |
| spellingShingle |
Web applications - Security measures Root cause analysis Computer networks - Security measures Mustafa, Mohd Nawawi Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack |
| description |
With the advancement ment of ICT technology, especially on web
technologies, people have changes their way of doing this. Online
transactions have become more popular compared to physically going at the
specific location to do transactions. However, the advancement of web
technology has also introduced new security threats to the businesses and
the clients.
OWASP Top 10 security project has classifies web application security
incident into ten categories of most commonly exploited vulnerabilities. Eventhough the countermeasures for those vulnerabilities have been available for
some time, the numbers of exploited web applications are increasing each
year. One of the factors that contributes to the increasing number of ICT
security incidents is failure to determine the root cause of an incident, thus
allowing the attacker to repeat an attack on the system in the future by
exploiting the same vulnerability.
This study will propose a model for post-incident root cause analysis to
determine the suitable countermeasures in rectifying the Cross Site Request
Forgery (CSRF) vulnerabilities. The proposed model were consists of attacker
component, countermeasure component and inference component.
The proposed model will be developed using Colored Petri Nets. CSRF attack
simulation was performed using Damn Vulnerable Web Application (DVWA)
as the target machine and tested based on recommendations by the previous
researchers.
To test the effectiveness of the developed model, the result of the CSRF
attack simulations were compared with results by other researchers in the
same category.
Hopefully, the proposed post-incident root cause analysis will benefit web
application developers, security auditors and other related parties to identify
and fix CSRF vulnerabilities on their web applications. |
| format |
Thesis |
| qualification_level |
Master's degree |
| author |
Mustafa, Mohd Nawawi |
| author_facet |
Mustafa, Mohd Nawawi |
| author_sort |
Mustafa, Mohd Nawawi |
| title |
Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack |
| title_short |
Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack |
| title_full |
Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack |
| title_fullStr |
Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack |
| title_full_unstemmed |
Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack |
| title_sort |
modeling of post-incident root cause analysis for cross site request forgery (csrf) attack |
| granting_institution |
Universiti Putra Malaysia |
| publishDate |
2015 |
| url |
http://psasir.upm.edu.my/id/eprint/50428/1/FSKTM%202015%2039%20IR.pdf |
| _version_ |
1747812035922493440 |