UCSY's Research Repository

PREVENTION OF CROSS-SITE REQUEST FORGERY USING ANTI-CSRF TOKEN


dc.contributor.author Win, Phyu Phyu
dc.date.accessioned 2022-10-03T15:37:48Z
dc.date.available 2022-10-03T15:37:48Z
dc.date.issued 2022-09
dc.identifier.uri https://onlineresource.ucsy.edu.mm/handle/123456789/2748
dc.description.abstract Online banking systems have had an enormous impact on IT, individuals, and the networking world. Online banking systems and their distinctive architecture have numerous features and advantages over traditional banking systems. The proposed system detects the CSRF attack with two types of web application: sign-in with a token and sign-in without a token. In the system, the detection rate is reported as a percentage (%). Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data. These attacks target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something. In the system, the attacker creates a malicious link and sends it to the website. The main objectives of the proposed system are to provide data security for the customer's critical transmission data, to protect state-changing functionality during critical data processing between the client and server, to illustrate secure transactions and record transaction history, and to prevent the attack by using the anti-CSRF token when making transactions in the banking system. The proposed system illustrates secure transactions in a banking system and provides data security for the customer's critical transmission data. The proposed system in this thesis is implemented to prevent the CSRF attack. The Blum Blum Shub algorithm is used to generate the anti-CSRF token. The token is a secret, unique and unpredictable value that a server-side application generates in order to protect CSRF-vulnerable resources. The tokens are generated and submitted by the server-side application, and a SHA-256 hash is used when sending them to the client side. After the request is made, the server-side application compares the two tokens found in the user session and in the request. If the token from the received transaction form does not match, the request is rejected. en_US
dc.language.iso en en_US
dc.subject ANTI-CSRF TOKEN en_US
dc.title PREVENTION OF CROSS-SITE REQUEST FORGERY USING ANTI-CSRF TOKEN en_US
dc.type Thesis en_US

