Detection of cross-site request forgery attacks
First Claim
1. A computer-implemented method of detecting a cross-site request forgery (CSRF) attack, the method comprising:
receiving an HTTP (Hypertext Transfer Protocol) response from a website, the HTTP response being responsive to a request for a web page previously submitted from a user computer to the website;
analyzing the HTTP response for presence of CSRF code by determining whether a type of content expected to be received by a web browser running in the user computer is consistent with content that will be provided to the web browser, the CSRF code comprising computer-readable program code which automatically accesses an online account of a user of the user computer upon receipt and execution of the CSRF code in the user computer without authorization from the user;
performing a security action when the CSRF code is found in the HTTP response;
receiving an HTTP request from the web browser;
analyzing the HTTP request for information indicative of a CSRF attack; and
performing the security action when the HTTP request includes information indicative of the CSRF attack.
Abstract
Methods and apparatus for detecting cross-site request forgery (CSRF) attacks include a CSRF detector that analyzes HTTP communications for information indicative of a CSRF attack. The CSRF detector may analyze HTTP responses from a website for CSRF code that automatically performs unauthorized access of an online account of a user of a user computer upon receipt and execution of the CSRF code in the user computer. The CSRF detector may also analyze HTTP requests from a web browser for information indicative of a CSRF attack.
15 Claims
1. A computer-implemented method of detecting a cross-site request forgery (CSRF) attack (set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer having memory and a processor for executing computer-readable program code in the memory, the memory comprising:
a cross-site request forgery (CSRF) detector comprising computer-readable program code, wherein the CSRF detector detects a CSRF attack that automatically performs an unauthorized access of an online account of a user of a user computer when CSRF code is received and loaded in the user computer, the CSRF detector being configured to:
detect presence of the CSRF code in an HTTP (Hypertext Transfer Protocol) response sent by a website to the user computer by determining whether a type of content expected to be received by a web browser running in the user computer is consistent with content that will be provided to the web browser;
receive an HTTP request from the web browser;
analyze the HTTP request for information indicative of the CSRF attack;
perform a security action when the CSRF code is found in the HTTP response; and
perform the security action when the HTTP request includes information indicative of the CSRF attack.
Dependent claims: 10, 11, 12, 13, 14, 15.
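The two-sided detector the abstract and claims describe, as an added Python example (this is not the patent's own code or any product's implementation). The response-side check compares the content type the browser expected with the declared Content-Type and a sniff of the body; the expected type is taken here from the browser's Sec-Fetch-Dest value, which is an assumption, since the claims do not say where the expected type comes from. The request-side check flags a cookie-bearing, state-changing request whose Sec-Fetch-Site, Origin or Referer points at a different site than the Host it targets. The "security action" of the claims is reduced to a block/allow verdict, and all sample messages are constructed, not captured traffic.

```python
"""Toy CSRF detector: response content-type consistency plus request-origin checks."""
import re
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# Sec-Fetch-Dest value (what the browser expects) -> acceptable Content-Type prefixes.
# Assumption: the expected type is derived from the browser's fetch destination.
EXPECTED_TYPES = {
    "image": ("image/",),
    "script": ("application/javascript", "text/javascript"),
    "style": ("text/css",),
    "document": ("text/html", "application/xhtml+xml"),
}

HTML_MARKERS = re.compile(rb"<\s*(script|form|iframe|img|html|body)\b", re.I)


def parse_http(raw: bytes):
    """Split a raw HTTP/1.1 message into (start_line, headers, body).
    Header names are lower-cased; the body is returned as bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def sniff_body(body: bytes) -> str:
    """Guess the real content family from the first bytes of the body."""
    head = body[:512].lstrip()
    if head.startswith((b"\x89PNG", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")):
        return "image/"
    if HTML_MARKERS.search(head):
        return "text/html"
    return "unknown"


def analyze_response(expected_dest: str, raw_response: bytes) -> list:
    """Response-side check: is the content the browser will receive consistent
    with the type it expected? An <img> fetch answered with HTML that carries
    its own <img>/<form> is a classic CSRF delivery vehicle."""
    findings = []
    _, headers, body = parse_http(raw_response)
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    allowed = EXPECTED_TYPES.get(expected_dest)
    if allowed is None:
        return findings  # destination kind this toy does not model
    if not declared.startswith(allowed):
        findings.append(f"declared type {declared!r} inconsistent with {expected_dest} fetch")
    sniffed = sniff_body(body)
    if sniffed != "unknown" and not sniffed.startswith(allowed):
        findings.append(f"body sniffs as {sniffed!r} but browser expected {expected_dest}")
    return findings


def _host(url_or_origin: str) -> str:
    return (urlsplit(url_or_origin).hostname or "").lower()


def analyze_request(raw_request: bytes) -> list:
    """Request-side check: a cookie-bearing, state-changing request whose
    initiator is another site is indicative of CSRF."""
    findings = []
    start, headers, _ = parse_http(raw_request)
    method = start.split(" ", 1)[0].upper()
    if method not in STATE_CHANGING or "cookie" not in headers:
        return findings  # no ambient credential or no state change: not CSRF
    target = headers.get("host", "").split(":")[0].lower()
    if headers.get("sec-fetch-site", "").lower() == "cross-site":
        findings.append("Sec-Fetch-Site: cross-site on a cookie-bearing state-changing request")
    initiator = headers.get("origin") or headers.get("referer")
    if initiator is None:
        findings.append("no Origin/Referer on a cookie-bearing state-changing request")
    elif _host(initiator) != target:
        findings.append(f"initiator {_host(initiator)!r} does not match target {target!r}")
    return findings


def security_action(findings: list) -> str:
    """Stand-in for the claims' 'security action': block when anything was flagged."""
    return "block" if findings else "allow"


# Constructed sample traffic (not captured from any real site).
IMG_RESPONSE_WITH_CSRF = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<img src='https://bank.example/transfer?to=attacker&amount=1000'>"
)
GENUINE_PNG_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
)
CROSS_SITE_POST = (
    b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\nCookie: session=abc\r\n"
    b"Origin: https://evil.example\r\nSec-Fetch-Site: cross-site\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nto=attacker&amount=1000"
)
SAME_SITE_POST = (
    b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\nCookie: session=abc\r\n"
    b"Origin: https://bank.example\r\nSec-Fetch-Site: same-origin\r\n\r\nto=me&amount=1"
)

if __name__ == "__main__":
    for label, findings in [
        ("img fetch response", analyze_response("image", IMG_RESPONSE_WITH_CSRF)),
        ("genuine PNG response", analyze_response("image", GENUINE_PNG_RESPONSE)),
        ("cross-site POST", analyze_request(CROSS_SITE_POST)),
        ("same-site POST", analyze_request(SAME_SITE_POST)),
    ]:
        print(f"{label}: {security_action(findings)} {findings}")
```

Two caveats a practitioner should keep in mind. Sec-Fetch-* headers are only sent by recent browsers and Referer is frequently stripped by policy, so a request-side detector that treats a missing initiator as an attack will produce false positives on legitimate traffic. The content-type check catches CSRF code smuggled into a response the browser expected to be an image or stylesheet, but says nothing about a forged request launched from a page that was legitimately served as HTML; that case is what the request-side check, and ultimately server-side anti-CSRF tokens and SameSite cookies, are for.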