Towards stateless, client-side driven Cross-Site Request Forgery protection for Web applications
Cross-site request forgery (CSRF) is one of the dominant threats in the Web application landscape. In this paper, we present a lightweight and stateless protection mechanism that can be added to an existing application without requiring changes to the application's code. The key functionality of the approach, which is based on the double-submit technique, is implemented purely on the client side. This way, full coverage of client-side generation of HTTP requests is provided.

1 Introduction

... Request Forgery (CSRF) is one of the dominant threats in the Web application landscape. It has been ranked fifth by OWASP in their widely regarded "Top Ten Most Critical Web Application Security Vulnerabilities" [Ope10a]. CSRF exists due to an unfortunate combination of poor design choices which have been made while evolving the Web application paradigm. The fundamental cause is the addition of transparent authentication tracking using HTTP cookies onto a stateless hypertext medium consisting of HTTP and HTML. For this reason, there is no "easy fix" for CSRF. Instead, the current practice is to selectively identify all potentially vulnerable interfaces that a Web application exposes and to protect them manually within the application logic. In this paper, we present a lightweight and stateless protection mechanism which can be added to an application deployment without requiring any changes to the actual application code. Our approach reliably outfits all legitimate HTTP requests with evidence which allows the Web server to process these requests securely.

2 Technical background

In this section, we briefly revisit the technical background of Web authentication tracking and how it can be misused by CSRF, before detailing the mechanism of the double-submit cookie protection.