Systems and methods for protecting web based applications from cross site request forgery attacks
Abstract
Computer implemented methods (200) for protecting web based applications (110, 114) from Cross Site Request Forgery (CSRF) attacks. The methods involve (204) classifying each resource offered by a web server application as a CSRF-protected resource or a not-CSRF-protected resource. The methods also involve (214, . . . , 222) performing a user authentication, (224) initializing an authentication-token, and (226) initializing a CSRF protection secret that is used to validate CSRF protection parameters contained in resource identifiers for the resources. The methods further involve (228) performing a server-side rewriting process (300) to add the CSRF protection parameter to the resource identifiers for the resources and/or (230) performing a client-side rewriting process to add the CSRF protection parameter to a resource identifier for a second resource (e.g., a resource created at a client computer (102)).
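The following sketch of the server-side half of this flow (classify, initialize the secret, rewrite, validate) is an added example, not code from the patent. The abstract does not say how the CSRF protection parameter is derived, so the HMAC of the authentication token under the per-session secret, the parameter name `csrf`, the path prefixes and the regex-based rewriting are all assumptions made for illustration.

```python
import hashlib, hmac, re, secrets
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

PARAM = "csrf"                                   # hypothetical parameter name
PROTECTED_PREFIXES = ("/account/", "/transfer")  # hypothetical classification (204)

def is_protected(path):
    return path.startswith(PROTECTED_PREFIXES)

def new_session():
    # (224)/(226): authentication token and CSRF protection secret, set after login.
    return {"auth_token": secrets.token_urlsafe(32),
            "csrf_secret": secrets.token_bytes(32)}

def csrf_value(session):
    # Assumed derivation: HMAC-SHA256 of the auth token under the session secret.
    return hmac.new(session["csrf_secret"], session["auth_token"].encode(),
                    hashlib.sha256).hexdigest()

def add_param(url, value):
    p = urlsplit(url)
    extra = urlencode({PARAM: value})
    return urlunsplit(p._replace(query=f"{p.query}&{extra}" if p.query else extra))

def rewrite_html(html, session):
    # (228): append the parameter to same-site URLs of protected resources only,
    # so the value is never embedded in links that point at another origin.
    value = csrf_value(session)
    def fix(m):
        url, p = m.group(3), urlsplit(m.group(3))
        if not p.scheme and not p.netloc and is_protected(p.path):
            url = add_param(url, value)
        return f"{m.group(1)}{m.group(2)}{url}{m.group(2)}"
    return re.sub(r'((?:href|action)=)(["\'])(.*?)\2', fix, html)

def validate(request_url, session):
    # Reject a request for a protected resource unless it carries the right value.
    p = urlsplit(request_url)
    if not is_protected(p.path):
        return True
    supplied = parse_qs(p.query).get(PARAM, [""])[0]
    return hmac.compare_digest(supplied.encode(), csrf_value(session).encode())

# Constructed sample page: one unprotected link, one protected form, one off-site link.
SAMPLE_HTML = ('<a href="/help">Help</a> <form action="/transfer" method="post"></form> '
               '<a href="https://other.example/transfer">Partner</a>')

if __name__ == "__main__":
    print(rewrite_html(SAMPLE_HTML, new_session()))
```

A production rewriter would use an HTML parser rather than a regular expression and would also cover URLs generated by client-side script, which the abstract assigns to the client-side rewriting process (230).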