Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack

With the advancement of ICT, especially web technologies, people have changed their way of doing things. Online transactions have become more popular than physically going to a specific location to do transactions. However, the advancement of web technology has also...

Bibliographic Details
Main Author: Mustafa, Mohd Nawawi
Format: Thesis
Language: English
Published: 2015
Online Access: http://psasir.upm.edu.my/id/eprint/50428/1/FSKTM%202015%2039%20IR.pdf
http://psasir.upm.edu.my/id/eprint/50428/
id my.upm.eprints.50428
record_format eprints
spelling my.upm.eprints.50428 2019-01-29T08:30:09Z http://psasir.upm.edu.my/id/eprint/50428/ Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack Mustafa, Mohd Nawawi 2015-07 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/50428/1/FSKTM%202015%2039%20IR.pdf Mustafa, Mohd Nawawi (2015) Modeling of post-incident root cause analysis for cross site request forgery (CSRF) attack. Masters thesis, Universiti Putra Malaysia.
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description With the advancement of ICT, especially web technologies, people have changed their way of doing things. Online transactions have become more popular than physically going to a specific location to do transactions. However, the advancement of web technology has also introduced new security threats to businesses and their clients. The OWASP Top 10 security project classifies web application security incidents into ten categories of the most commonly exploited vulnerabilities. Even though countermeasures for those vulnerabilities have been available for some time, the number of exploited web applications is increasing each year. One of the factors that contributes to the increasing number of ICT security incidents is the failure to determine the root cause of an incident, which allows the attacker to repeat an attack on the system in the future by exploiting the same vulnerability. This study proposes a model for post-incident root cause analysis to determine suitable countermeasures for rectifying Cross Site Request Forgery (CSRF) vulnerabilities. The proposed model consists of an attacker component, a countermeasure component and an inference component. The proposed model will be developed using Colored Petri Nets. CSRF attack simulation was performed using Damn Vulnerable Web Application (DVWA) as the target machine and tested based on recommendations by previous researchers. To test the effectiveness of the developed model, the results of the CSRF attack simulations were compared with results by other researchers in the same category. Hopefully, the proposed post-incident root cause analysis will help web application developers, security auditors and other related parties to identify and fix CSRF vulnerabilities in their web applications.