A new WAF-based architecture for protecting web applications against CSRF attacks in malicious environment

Abstract

Web application firewall is an application firewall for HTTP applications. Typical WAF uses static analysis of HTTP request, defined as a set of rules, to find potentially dangerous payloads in the requests. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection which are server-related attacks. Cross-site scripting is client-side attack however the server is attacked and forced to return malicious response. Rule-based approach becomes useless when the attack is client-related, for example employing malware on the banking site. Malware allows to change the transfer data. This scenario is hard to detect because the browser displays valid transfer data and data is changed to the thieves' accounts number at the communication stage. In this paper we introduce a new web-based architecture for protecting web applications against CSRF attacks in malicious environemnt. In our approach we extend a classic, static WAF approach with historical and behavioral analysis, based on actions performed by the user in the past.