Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Defending SQL Injection
Issues in SWA
Project: Defending CSRF Attack
Based on the application downloaded in Project #1, deploy effective session management to defend against CSRF attacks.
Do Exercise #3 (Online Store CSRF) again to understand how an attacker can perform a forgery action on behalf of the victim.
Remove the original function of Grades Central that displays the user's grades immediately after a successful login. Instead, create a function that generates a random session ID (SID) for the user, stores the SID in the session variables on the server, and requests the browser to create a cookie and store the SID in it.
Create a button (or LinkButton) with a function that enables the user (after a successful login) to request his/her grades. When the button is clicked, the function first requests the browser to send the SID stored in the cookie for verification. If the SID stored in the cookie matches the SID stored in the session variable, the function then sends the grades.
As with the web application vulnerability shown in Exercise #3, an attacker (a legitimate user in this case) can log in to Grades Central from another browser and make a forged request to view a victim's grades by (1) clicking the link, (2) intercepting the HTTP request, (3) replacing the attacker's SID with the stolen victim's SID, and (4) forwarding the HTTP request.
Copy and paste the modified GradesCentral website to GradesCentralProtected website.
Develop effective defensive measures on the GradesCentralProtected website to mitigate this type of CSRF.
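The following is an added illustration, not the course's GradesCentral or GradesCentralProtected code. It models the SID scheme above without ASP.NET: an in-memory dictionary stands in for the server-side Session object, the user names "alice" and "mallory" and their grades are constructed sample data, and the method and class names are assumed for this example. It places the weak lookup (grades served to whoever presents a known SID, which is what the swapped-cookie request in the previous step exploits) beside a hardened check that only accepts a SID bound to the caller's own server-side session and compares it in constant time.

```csharp
// Added example, not the course's project code. Framework-free model of the
// SID-in-cookie design: weak lookup vs. session-bound, constant-time verification.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public record Session(string User, byte[] Sid);

public static class GradesCentralModel
{
    // Constructed sample data: one grade per user.
    static readonly Dictionary<string, string> Grades = new()
    {
        ["alice"] = "A",
        ["mallory"] = "C"
    };

    // Stands in for the ASP.NET Session store: server session key -> (user, SID).
    static readonly Dictionary<string, Session> Sessions = new();

    // Index the weak version relies on: any presented SID resolves to a user.
    static readonly Dictionary<string, string> UserBySid = new();

    // Login: mint a 256-bit unguessable SID, keep it server-side, hand a copy to the browser.
    public static string Login(string user, out string cookieSid)
    {
        byte[] sid = RandomNumberGenerator.GetBytes(32);
        string sessionKey = Guid.NewGuid().ToString("N");
        Sessions[sessionKey] = new Session(user, sid);
        cookieSid = Convert.ToBase64String(sid);
        UserBySid[cookieSid] = user;
        return sessionKey;
    }

    // Weak: trusts whatever SID arrives in the cookie and serves the grades it maps to,
    // so a request carrying someone else's SID is answered with that person's grades.
    public static string GradesWeak(string cookieSid) =>
        UserBySid.TryGetValue(cookieSid, out var user) ? Grades[user] : "denied";

    // Hardened: the cookie SID must equal the SID bound to THIS caller's server session
    // (constant-time compare), and grades are served only for that session's user.
    public static string GradesProtected(string sessionKey, string cookieSid)
    {
        if (!Sessions.TryGetValue(sessionKey, out var s)) return "denied";
        byte[] presented;
        try { presented = Convert.FromBase64String(cookieSid); }
        catch (FormatException) { return "denied"; }
        if (!CryptographicOperations.FixedTimeEquals(presented, s.Sid)) return "denied";
        return Grades[s.User];
    }

    public static void Main()
    {
        Login("alice", out string aliceSid);
        string malloryKey = Login("mallory", out string mallorySid);

        // Mallory's request arrives with Alice's SID in the cookie instead of her own.
        Console.WriteLine(GradesWeak(aliceSid));                   // A      (Alice's grade leaks)
        Console.WriteLine(GradesProtected(malloryKey, aliceSid));  // denied (SID not bound to Mallory's session)
        Console.WriteLine(GradesProtected(malloryKey, mallorySid)); // C      (her own grades)
    }
}
```

In the Web Forms version the same idea maps onto `Session[...]` for the server-side copy and `Request.Cookies[...]` for the presented value; when issuing the cookie, setting `HttpOnly` and `Secure` on the `HttpCookie` keeps the SID out of page scripts and off plaintext connections, which narrows how it can be stolen in the first place.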
Write a one-page .doc to explain your defensive strategy.
In the .vb or .cs where the defensive measures are implemented, write clear comments for explanation.
Zip (1) the modified GradesCentral website, (2) the GradesCentralProtected website, and (3) the one-page .doc, and send it to firstname.lastname@example.org with "Final Exam Project - your team members' last names" as the subject.