A defensive approach for CSRF and broken authentication and session management attack

Abstract

Web application security is a fundamental information security that includes security of Web sites, Web applications, and/or Web services. Advanced Web application security relies on the foundation of online security that stresses the World Wide Web and their design libraries [1, 2]. Because of the development in Web 2.0, vast information sharing through social networking and demanding business adoption over the online Web and delivering services, Web applications are frequently attacked directly. False users rather try to attack the company infrastructure or attack the users accessing the Web site by forcing them to click on the forged malicious input, because of which industry is focusing more attention to online application security along with the security of the underlying computer network and operating systems. Online Web application designing should be improved by performing security analysis and security checks during the development stages as well as throughout the software development life cycle. As compared to most of the existing systems which detect only one attack at a time with limited rules, we propose an enhanced detecting model that can detect two attacks, that is, cross-site request forgery attack and broken authentication and session management attack within the same simulation environment with updated rule libraries and also have proposed a effective test environment.