Method for prevention of cross site request forgery attack

Active Publication Date: 2013-07-02
CPANEL LLC

Embodiment Construction

[0030]While the present invention is described herein with reference to illustrative embodiments for particular applications, it should be understood that the invention is not limited thereto. Those having ordinary skill in the art and access to the teachings provided herein will recognize additional modifications, applications, and embodiments within the scope thereof and additional fields in which the present invention would be of significant utility.

[0031] FIG. 1 is a diagram showing connection of the server 14 containing this invention 10 to the internet. Most other users 18 connected to the internet 22 are legitimate requestors who might wish at some point to access the web site maintained on this server 14. The web site has a URL of the standard form, server:port/token/resource, for example https://domain.com/path/to/web/application.cgi. One user 26, however, is malicious and wishes to launch an XSRF attack on this server 14 and its web site.

[0032]FIG. 2 depicts a block diagra...


Abstract

An improved method for preventing XSRF attack on a web site, which has a URL and is accessible from a port on a server. This invention: determines whether a requestor is legitimate; generates a session token for each session on the web site requested by the legitimate requestor; embeds the session token in a session cookie; additionally generates a security token; embeds the security token in the original request URL; and redirects the web site request to the newly formed URL. The subsequent request of the URL containing the security token allows the server to verify the token and serve the web site to the legitimate requestor. In other words, the server's web site for that user for that session is: port/security token/URL/form data.
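The scheme in the abstract, worked through as an added example (this is not cPanel's code or the patent's own embodiment): a first request with no session receives a session token in a cookie and a redirect to the same URL with a per-session security token prepended to the path; every later request is served only if the token segment in the path matches the one stored for that session. The request/response classes, the `is_legitimate` callback (the patent excerpt does not say how legitimacy is determined), the cookie name and the path layout are assumptions made for the example. The defensive point it shows is why a forged cross-site request fails: the browser attaches the session cookie automatically, but the forging page cannot know the security token that belongs in the URL.

```python
from __future__ import annotations
import secrets
from dataclasses import dataclass, field
from typing import Callable

# Cookie name is an assumption; the patent abstract names no specific cookie.
SESSION_COOKIE = "session"


@dataclass
class Request:
    """Constructed stand-in for an HTTP request (no real network I/O)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


class TokenizedServer:
    """Serves port/security-token/URL as described in the abstract."""

    def __init__(self, is_legitimate: Callable[[Request], bool] = lambda r: True):
        # Hypothetical legitimacy check; the excerpt does not define one.
        self._is_legitimate = is_legitimate
        # session token (cookie) -> security token (URL segment), both random.
        self._sessions: dict[str, str] = {}

    def _start_session(self) -> tuple[str, str]:
        session_token = secrets.token_urlsafe(32)
        security_token = secrets.token_urlsafe(32)
        self._sessions[session_token] = security_token
        return session_token, security_token

    def handle(self, req: Request) -> Response:
        session_token = req.cookies.get(SESSION_COOKIE)
        if session_token not in self._sessions:
            if not self._is_legitimate(req):
                return Response(403, body="requestor not legitimate")
            # New session: embed the session token in a cookie and redirect
            # to the original URL with the security token inserted in the path.
            session_token, security_token = self._start_session()
            return Response(302, {
                "Location": f"/{security_token}{req.path}",
                "Set-Cookie": f"{SESSION_COOKIE}={session_token}; HttpOnly; Secure",
            })
        # Existing session: the first path segment must be this session's token.
        expected = self._sessions[session_token]
        segments = req.path.lstrip("/").split("/", 1)
        presented = segments[0]
        if not secrets.compare_digest(presented.encode(), expected.encode()):
            return Response(403, body="missing or wrong security token")
        resource = "/" + (segments[1] if len(segments) > 1 else "")
        return Response(200, body=f"served {req.method} {resource} form={req.form}")


def demo() -> tuple[int, int, int]:
    """Legitimate first visit, the redirected follow-up, and a forged request."""
    server = TokenizedServer()
    first = server.handle(Request("GET", "/path/to/web/application.cgi"))
    cookie = first.headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    follow = server.handle(Request("GET", first.headers["Location"],
                                   cookies={SESSION_COOKIE: cookie}))
    # Cross-site forgery: the browser sends the cookie, but the forging page
    # only knows the public URL, not the per-session security token.
    forged = server.handle(Request("POST", "/path/to/web/application.cgi",
                                   cookies={SESSION_COOKIE: cookie},
                                   form={"action": "change_email"}))
    return first.status, follow.status, forged.status


if __name__ == "__main__":
    print(demo())  # (302, 200, 403)
```

The token comparison uses `secrets.compare_digest` so that a wrong token cannot be distinguished from a right one by response timing; in a real deployment the session store would also expire entries and the redirect would preserve query strings and form data, which the abstract's "port/security token/URL/form data" layout implies.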

Description

BACKGROUND OF THE INVENTION

[0001] (1) Field of the Invention

[0002] The present invention relates to the field of web application vulnerability and more particularly to prevention of Cross Site Request Forgery attack.

[0003] (2) Description of the Related Art

[0004] Security tokens guard against a common form of web application vulnerability called a Cross Site Request Forgery (XSRF) attack. This vulnerability utilizes weaknesses in the design of web authentication mechanisms. A web browser is typically authenticated once per browsing session to a secured web destination. The attacker uses that persistent authentication to deceptively initiate requests to an authenticated web destination without the knowledge of the browser user. A XSRF attack commonly takes the form of hidden requests to another secured site within a malicious page. If the viewer of the page with hidden requests had previously visited and authenticated the target site, then the requests initiated by the malicious page wil...


Application Information

IPC(8): H04L29/06
CPC: H04L67/2814, H04L63/1441, H04L63/1483, H04L63/168, H04L67/02, H04L67/14
Inventor LIGHTSEY, JOHN
Owner CPANEL LLC