Alaa A. Almarzuki

Work place: King AbdulAziz University/Faculty of Computing and Information Technology Jeddah, 21542, Saudi Arabia

E-mail: aalmarzuki0001@stu.kau.edu.sa

Website:

Research Interests: Artificial Intelligence, Information Security, Network Security, Database Management System, Information-Theoretic Security

Biography

Alaa A. Almarzouqi is a master student in IT Department at King Abdulaziz University, interested in Database, Security and Artificial Intelligent.

Author Articles
CSRFDtool: Automated Detection and Prevention of a Reflected Cross-Site Request Forgery

By Omar A. Batarfi Aisha M. Alshiky Alaa A. Almarzuki Nora A. Farraj

DOI: https://doi.org/10.5815/ijieeb.2014.05.02, Pub. Date: 8 Oct. 2014

The number of Internet users is dramatically increased every year. Most of these users are exposed to the dangers of attackers in one way or another. The reason for this lies in the presence of many weaknesses that are not known for ordinary users. In addition, the lack of user awareness is considered as the main reason for falling into the attackers' snares. Cross Site Request Forgery (CSRF) has placed in the list of the most dangerous threats to security in OWASP Top Ten for 2013. CSRF is an attack that forces the user's browser to send or perform unwanted request or action without user awareness by exploiting a valid session between the browser and the server. When CSRF attack success, it leads to many bad consequences. An attacker may reach private and personal information and modify it. This paper aims to detect and prevent a specific type of CSRF, called reflected CSRF. In a reflected CSRF, a malicious code could be injected by the attackers. This paper explores how CSRF Detection Extension prevents the reflected CSRF by checking browser specific information. Our evaluation shows that the proposed solution is successful in preventing this type of attack.

[...] Read more.
Other Articles