Abstract:
Online banking systems have had an enormous impact on the IT, individual and
networking worlds. Online banking systems and their distinctive architecture have
numerous features and advantages over traditional banking. The proposed system
detects CSRF attacks against two types of web application: sign-in with a token and
sign-in without a token. The system reports the detection rate as a percentage (%).
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they are currently authenticated. CSRF
attacks specifically target state-changing requests, not theft of data: they target
functionality that causes a state change on the server, such as changing the victim's
email address or password, or purchasing something. In the system, the attacker creates a
malicious link and sends it to the website. The main objectives of the proposed system
are to provide data security for the customer's critical transmitted data, to protect
state-changing functionality during critical data processing between client and
server, to illustrate secure transactions and record transaction history, and to prevent the
attack by using an anti-CSRF token when making transactions in the banking system. The
proposed system illustrates secure transactions in a banking system and provides
data security for the customer's critical transmitted data. The proposed system in this
thesis is implemented to prevent CSRF attacks. The Blum Blum Shub algorithm is
used to generate the anti-CSRF token. The token is a secret, unique and unpredictable
value that the server-side application generates in order to protect CSRF-vulnerable
resources. The tokens are generated and issued by the server-side application, and a
SHA-256 hash is applied before the token is sent to the client side. After the request is made, the
server-side application compares the two tokens: the one held in the user's session and
the one inside the request. If the token in the received transaction form does not match, the
request is rejected.
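The token scheme described above (Blum Blum Shub output, hashed with SHA-256 before it leaves the server, then compared against the session copy on each request), as an added worked example that is not the thesis's own code. The Blum primes `P`, `Q` and the seed handling are constructed assumptions for readability; a production deployment would use much larger primes or the platform CSPRNG directly.

```python
import hashlib
import hmac
import math
import secrets
from typing import List, Optional

# Constructed toy parameters: two Mersenne primes, both congruent to 3 (mod 4) as
# Blum Blum Shub requires. Real deployments need far larger primes; these sizes
# only keep the example readable.
P = 2**31 - 1
Q = 2**61 - 1


def bbs_bits(p: int, q: int, seed: int, nbits: int) -> List[int]:
    """Blum Blum Shub: x_{i+1} = x_i^2 mod n, emitting the least significant bit of each state."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if seed in (0, 1) or math.gcd(seed, n) != 1:
        raise ValueError("seed must be > 1 and coprime to n")
    x, bits = seed % n, []
    for _ in range(nbits):
        x = (x * x) % n
        bits.append(x & 1)
    return bits


def bbs_bytes(nbytes: int, seed: Optional[int] = None) -> bytes:
    """Pack BBS output bits into bytes. Assumption: the OS CSPRNG supplies the seed
    when none is given, since BBS is only as unpredictable as its seed."""
    n = P * Q
    while seed is None or math.gcd(seed, n) != 1:
        seed = secrets.randbelow(n - 2) + 2
    value = 0
    for bit in bbs_bits(P, Q, seed, 8 * nbytes):
        value = (value << 1) | bit
    return value.to_bytes(nbytes, "big")


def generate_token(seed: Optional[int] = None) -> str:
    """Anti-CSRF token: BBS output hashed with SHA-256 before it is sent to the client.
    Store the returned hex string in the user's session and embed it in the transaction form."""
    return hashlib.sha256(bbs_bytes(32, seed)).hexdigest()


def verify_token(session_token: str, submitted_token: Optional[str]) -> bool:
    """Server-side check on the incoming request: accept only if the form's token
    matches the session's; compare_digest keeps the comparison constant-time."""
    if not submitted_token or len(submitted_token) != len(session_token):
        return False
    return hmac.compare_digest(session_token, submitted_token)
```

`bbs_bits(11, 23, 3, 6)` reproduces the textbook BBS sequence 9, 81, 236, 36, 31, 202 as the bits 1, 1, 0, 0, 1, 0; a request whose form token is missing or altered is rejected by `verify_token`.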