
CSRF Attack And Defense Based On The Technology Of WEB Application

Posted on: 2016-07-05
Degree: Master
Type: Thesis
Country: China
Candidate: W P Chen
GTID: 2308330476453455
Subject: Electronic and communication engineering
Abstract/Summary:
With the development and application of computer technology, Web application development has advanced rapidly. In recent years HTML5 and Ajax have come into extensive use, and Web application development has entered a new peak. The new Web application technologies have been applied to all aspects of society and have brought great changes and convenience to users' lives. But Web applications face security threats such as the CSRF attack, which poses a huge threat to users' property and privacy. This paper therefore researches and analyzes CSRF attacks together with the HTML5 and Ajax technologies.

For HTML5 and Ajax, this paper analyzes their course of development and identifies their new functional features. These features are a great help in Web application development. But in the face of security threats such as DoS attacks, SQL injection, XSS and CSRF attacks, many of the new features in HTML5 and Ajax also make these attacks more convenient to carry out. It is therefore necessary to study the forms these attacks take and to give protective measures against them.

To study the CSRF attack, this paper first gives a general description of it in connection with XSS attacks, then sets out its attack principle and, by analyzing that principle, identifies the root cause that makes CSRF attacks unavoidable. Web applications today must use cookie information, and that cookie information gives CSRF attacks room to operate. Given that cookies must be used, this paper researches and discusses HTML5, Ajax and the Web application security policies, chiefly the same-origin policy, the cookie policy and cross-origin resource sharing. These three policies allow Web applications to be better used and protected, and they restrict requests that carry cookies, but the commonly used security policies do not ensure the security of a Web application.

This paper builds a Web application with HTML5 and Ajax and applies the security policies and common defenses to it. It then tests the Web application with CSRF attacks. The attack tests cover three aspects: no security, security protection, and security policy. From the analysis of these attack tests, the paper puts forward a new CSRF defense that protects the Web application mainly by authenticating form and Ajax requests.
Keywords/Search Tags: CSRF attack, HTML5, Ajax technology, Web application