CsFire: Browser-Enforced Mitigation Against CSRF, presented at BruCON 2010

by Lieven Desmet (Katholieke Universiteit Leuven)

Tags: Web Application Security

Summary: In this talk, we will present three interesting results of our research: (1) an extensive, real-world traffic analysis to gain more insight into cross-domain web interactions, (2) requirements for client-side mitigation against CSRF and an analysis of existing browser extensions, and (3) CsFire [2], our newly developed Firefox extension to mitigate CSRF. More details on this research can be found in [1].

[1] Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, and Wouter Joosen. CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests. In: Proceedings of the 2nd International Symposium on Engineering Secure Software and Systems (ESSoS 2010), LNCS 5965, pp. 18-34, 2010.

[2] https://addons.mozilla.org/firefox/addon/58189
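To make the idea of client-side CSRF mitigation concrete, the following is an added illustration, written for this page and not code from CsFire or its authors. It models the kind of policy a browser extension can enforce at request time: a cross-domain request (initiator and target have different registrable domains) is sent without its implicit credentials (the Cookie and Authorization headers), so a third-party page cannot ride on the user's session with another site. Everything here is an assumption made for the example: the `applyPolicy`/`isCrossDomain` functions, the optional allowlist of (initiator, target) pairs that may keep credentials, and the naive "last two labels" domain comparison (a real implementation would consult the Public Suffix List). The sample requests at the bottom are constructed.

```javascript
// Added example: a simplified client-side CSRF policy, not CsFire's own code.
// Uses the WHATWG URL class (global in browsers and in Node >= 10).

// Assumption: registrable domain = last two host labels. Real code must use
// the Public Suffix List (e.g. "a.co.uk" vs "b.co.uk" would wrongly match here).
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.').filter(Boolean);
  return labels.slice(-2).join('.');
}

// A request is cross-domain when initiator and target differ in registrable domain.
function isCrossDomain(initiatorUrl, targetUrl) {
  const i = new URL(initiatorUrl);
  const t = new URL(targetUrl);
  return registrableDomain(i.hostname) !== registrableDomain(t.hostname);
}

// Hypothetical allowlist: (initiator domain, target domain) pairs the user has
// approved to keep credentials, e.g. a trusted single-sign-on flow.
const ALLOWLIST = new Set(); // entries look like "idp.example->app.example"

function allowlisted(initiatorUrl, targetUrl) {
  const key = registrableDomain(new URL(initiatorUrl).hostname) + '->' +
              registrableDomain(new URL(targetUrl).hostname);
  return ALLOWLIST.has(key);
}

// Headers carrying implicit authentication that a forged request could abuse.
const CREDENTIAL_HEADERS = ['cookie', 'authorization'];

// request = { initiator: string|null, url: string, method: string, headers: object }
// Returns the headers that should actually be sent plus the list of stripped ones.
function applyPolicy(request) {
  const { initiator, url, headers } = request;
  const out = { ...headers };
  const stripped = [];

  // No initiator means the user navigated directly (typed URL, bookmark):
  // nothing cross-domain can have forged it, so credentials stay.
  if (initiator === null || initiator === undefined) return { headers: out, stripped };

  // Same-domain requests and explicitly approved pairs keep credentials.
  if (!isCrossDomain(initiator, url) || allowlisted(initiator, url)) {
    return { headers: out, stripped };
  }

  // Cross-domain: remove credential headers regardless of HTTP method,
  // matching header names case-insensitively.
  for (const name of Object.keys(out)) {
    if (CREDENTIAL_HEADERS.includes(name.toLowerCase())) {
      delete out[name];
      stripped.push(name.toLowerCase());
    }
  }
  return { headers: out, stripped };
}

// Constructed sample traffic (not captured data) showing the three outcomes.
const SAMPLE_REQUESTS = [
  { initiator: 'https://attacker.example/page.html',   // cross-domain form post
    url: 'https://bank.example/transfer', method: 'POST',
    headers: { Cookie: 'session=abc123', 'Content-Type': 'application/x-www-form-urlencoded' } },
  { initiator: 'https://www.bank.example/accounts',    // same registrable domain
    url: 'https://bank.example/transfer', method: 'POST',
    headers: { Cookie: 'session=abc123' } },
  { initiator: null,                                   // user typed the URL
    url: 'https://bank.example/', method: 'GET',
    headers: { Cookie: 'session=abc123' } },
];

function runSamples() {
  return SAMPLE_REQUESTS.map(r => applyPolicy(r));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const result of runSamples()) console.log(JSON.stringify(result));
}
```

The policy deliberately strips credentials from every cross-domain request rather than only from state-changing methods: a GET that triggers a side effect on the server is just as forgeable, and the allowlist is the escape hatch for the few legitimate cross-domain flows that need an authenticated request.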

Lieven Desmet: Lieven Desmet is Research Manager on Secure Software at the Katholieke Universiteit Leuven (Belgium), where he coaches junior researchers and leads a research team on web application security. His main interests are in software verification and security of middleware and web-enabled technologies. Lieven is actively engaged in OWASP and is a board member of the OWASP Belgium Chapter.