
Study On Server-Side CSRF Defense

Posted on: 2015-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: S F Xu
Full Text: PDF
GTID: 2298330431498610
Subject: Computer technology

Abstract/Summary:
In recent years, applications built on the Web and database architecture have come into ever wider use. Since the arrival of the Web 2.0 era in particular, Web technology has emphasised interactivity and real-time features, and emerging interactive applications such as personal blogs, social networking sites and online shopping sites have become part of everyday life. At the same time, Web technology has brought new Web application security problems. Cross-site request forgery (CSRF) is one of the major Web application security threats: the attacker constructs a malicious request and, through social engineering, induces a legitimate user to issue it, so that the operation the attacker wants is carried out in the Web application under the user's identity. Using CSRF, an attacker can often penetrate further into the target Web application and so pose a serious threat to the target site. Effectively defending Web applications against CSRF vulnerabilities is therefore very important for their security. This thesis analyses current domestic and foreign Web security technology, describes in detail the core technologies closely related to CSRF attacks, and then focuses on CSRF defence strategies and the principles of common defence tools. To address the shortcomings of existing CSRF prevention methods, it designs a server-side CSRF defence module, implemented mainly as a filter. The filter is designed for the J2EE platform and adds a token-based mechanism, using J2EE Servlet filter technology together with JavaScript scripting. It works by intercepting requests and responses between the server and the client before they are processed and verifying the information they carry.

The module is implemented entirely through server-side modifications and requires no changes to the browser client. Using the JavaScript event delegation mechanism, it binds to form submit events when a form receives focus and can effectively handle dynamically created requests. Finally, the experimental results show that the module effectively defends the Web application against CSRF attacks and, compared with other prevention tools, offers better usability and effectiveness.
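To make the token mechanism concrete, here is an added example (not the thesis's own filter code): a J2EE Servlet filter that mints a per-session token and rejects POST and other state-changing requests that do not carry a matching token. The session attribute, form parameter and header names are assumptions.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
// Added example, not the thesis's own code: a J2EE Servlet filter that issues
// a per-session token and rejects state-changing requests that do not carry it.
public class CsrfTokenFilter implements Filter {
    // Assumed names for the session attribute, form parameter and AJAX header.
    static final String TOKEN_ATTR = "csrfToken";
    static final String TOKEN_PARAM = "_csrf";
    static final String TOKEN_HEADER = "X-CSRF-Token";
    private static final SecureRandom RNG = new SecureRandom();
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(true);
        // First request of a session: mint a random token. Pages (or the
        // client-side script that hooks form submission) read it from here.
        String expected = (String) session.getAttribute(TOKEN_ATTR);
        if (expected == null) {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            expected = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.setAttribute(TOKEN_ATTR, expected);
        }

        // Safe methods pass through; anything else must present the token.
        String method = request.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method) && !"OPTIONS".equals(method)) {
            String submitted = request.getParameter(TOKEN_PARAM);
            if (submitted == null) submitted = request.getHeader(TOKEN_HEADER);
            if (submitted == null || !constantTimeEquals(expected, submitted)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF token missing or invalid");
                return; // the servlet behind the filter never sees the request
            }
        }
        chain.doFilter(req, res);
    }
    // Constant-time comparison for equal-length inputs, so response timing
    // does not reveal how much of a guessed token matched.
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(), b.getBytes());
    }
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

The filter is registered in web.xml (or with @WebFilter) on the URL patterns that accept state-changing requests; pages embed the session token in forms, or the client-side script described in the abstract appends it at submit time.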
Keywords/Search Tags: Cross-site request forgery, Web applications, Event delegation, Filters