Cross Site Request Forgery (XSRF) is regarded as one of the major threats on the Web. In this paper, we propose an approach that automatically retrofits the source code of legacy web applications with a widely-used defense approach for this attack. Our approach addresses a number of shortcomings in prior blackbox solutions for automatic XSRF protection. Our approach has been implemented in a tool called X-Protect that was used to retrofit several commercial Java-based web applications. Our experimental results demonstrate that the X-Protect approach is both effective and efficient in practice. © 2010 Springer-Verlag.
Zhou, M., Bisht, P., & Venkatakrishnan, V. N. (2010). Strengthening XSRF defenses for legacy web applications using whitebox analysis and transformation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6503 LNCS, pp. 96–110). https://doi.org/10.1007/978-3-642-17714-9_8