{"id":"https://openalex.org/W2147649493","doi":"https://doi.org/10.1145/2076732.2076768","title":"A server- and browser-transparent CSRF defense for web 2.0 applications","display_name":"A server- and browser-transparent CSRF defense for web 2.0 applications","publication_year":2011,"publication_date":"2011-12-05","ids":{"openalex":"https://openalex.org/W2147649493","doi":"https://doi.org/10.1145/2076732.2076768","mag":"2147649493"},"language":"en","primary_location":{"id":"doi:10.1145/2076732.2076768","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2076732.2076768","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021590387","display_name":"Riccardo Pelizzi","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Riccardo Pelizzi","raw_affiliation_strings":["Stony Brook University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102886132","display_name":"R. Sekar","orcid":"https://orcid.org/0009-0008-9135-3296"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"R. Sekar","raw_affiliation_strings":["Stony Brook University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.2924,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.91570877,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"257","last_page":"266"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9876999855041504,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/client-side-scripting","display_name":"Client-side scripting","score":0.8262649774551392},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7598247528076172},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.7515007257461548},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.7044342160224915},{"id":"https://openalex.org/keywords/web-api","display_name":"Web API","score":0.6938436031341553},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.5884155035018921},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.5124416947364807},{"id":"https://openalex.org/keywords/application-server","display_name":"Application server","score":0.5008456707000732},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.48332810401916504},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.46043461561203003},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44905921816825867},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.440030962228775},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.33068332076072693},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1134738028049469}],"concepts":[{"id":"https://openalex.org/C195274430","wikidata":"https://www.wikidata.org/wiki/Q1650567","display_name":"Client-side scripting","level":5,"score":0.8262649774551392},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7598247528076172},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.7515007257461548},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.7044342160224915},{"id":"https://openalex.org/C127613066","wikidata":"https://www.wikidata.org/wiki/Q557770","display_name":"Web API","level":4,"score":0.6938436031341553},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.5884155035018921},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.5124416947364807},{"id":"https://openalex.org/C164554305","wikidata":"https://www.wikidata.org/wiki/Q71550","display_name":"Application server","level":2,"score":0.5008456707000732},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.48332810401916504},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.46043461561203003},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44905921816825867},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.440030962228775},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.33068332076072693},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1134738028049469}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2076732.2076768","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2076732.2076768","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.399.9030","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.399.9030","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://seclab.cs.sunysb.edu/seclab1/pubs/acsac11.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.645.2583","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.645.2583","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.8199999928474426,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2293693458","display_name":null,"funder_award_id":"CNS-0831298","funder_id":"https://openalex.org/F4320337388","funder_display_name":"Division of Computer and Network Systems"},{"id":"https://openalex.org/G505378490","display_name":null,"funder_award_id":"FA9550-09-1-0539","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G8062155279","display_name":null,"funder_award_id":"N000140710928","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320337388","display_name":"Division of Computer and Network Systems","ror":"https://ror.org/02rdzmk74"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W39495240","https://openalex.org/W1491243518","https://openalex.org/W1555227072","https://openalex.org/W1577821534","https://openalex.org/W2057718232","https://openalex.org/W2066437172","https://openalex.org/W2072978486","https://openalex.org/W2095054150","https://openalex.org/W2119085032","https://openalex.org/W6906355099"],"related_works":["https://openalex.org/W187998727","https://openalex.org/W1531015913","https://openalex.org/W2326682353","https://openalex.org/W4244258610","https://openalex.org/W4319431564","https://openalex.org/W3149638606","https://openalex.org/W2046312985","https://openalex.org/W1566985031","https://openalex.org/W3157804828","https://openalex.org/W2378351393"],"abstract_inverted_index":{"Cross-Site":[0],"Request":[1],"Forgery":[2],"(CSRF)":[3],"vulnerabilities":[4],"constitute":[5],"one":[6],"of":[7,119,136,141],"the":[8,17,103,155,160],"most":[9],"serious":[10],"web":[11,36,98,170],"application":[12,37,99],"vulnerabilities,":[13],"ranking":[14],"fourth":[15],"in":[16,154],"CWE/SANS":[18],"Top":[19],"25":[20],"Most":[21],"Dangerous":[22],"Software":[23],"Errors.":[24],"By":[25],"exploiting":[26],"this":[27],"vulnerability,":[28],"an":[29],"attacker":[30],"can":[31,46,87,145],"submit":[32],"requests":[33,147],"to":[34,48,97,105,116,148,159,174],"a":[35,39,60,73,91,120,124],"using":[38],"victim":[40],"user's":[41],"credentials.":[42],"A":[43],"successful":[44],"attack":[45],"lead":[47],"compromised":[49],"accounts,":[50],"stolen":[51],"bank":[52],"funds":[53],"or":[54,82,102,123,167],"information":[55],"leaks.":[56],"This":[57],"paper":[58],"presents":[59],"new":[61],"server-side":[62,129],"defense":[63],"against":[64],"CSRF":[65],"attacks.":[66],"Our":[67],"solution,":[68],"called":[69],"jCSRF,":[70],"operates":[71],"as":[72],"serverside":[74],"proxy,":[75],"and":[76,162],"does":[77],"not":[78,152],"require":[79],"any":[80],"server":[81],"browser":[83,122,125],"modifications.":[84],"Thus,":[85],"it":[86],"be":[88],"deployed":[89],"by":[90,165],"site":[92],"administrator":[93],"without":[94,112],"requiring":[95,113],"access":[96],"source":[100],"code,":[101],"need":[104,173],"understand":[106],"it.":[107],"Moreover,":[108],"protection":[109],"is":[110],"achieved":[111],"web-site":[114],"users":[115],"make":[117,175],"use":[118,140],"specific":[121],"plug-in.":[126],"Unlike":[127],"previous":[128],"solutions,":[130],"jCSRF":[131],"addresses":[132],"two":[133,166],"key":[134],"aspects":[135],"Web":[137],"2.0:":[138],"extensive":[139],"client-side":[142],"scripts":[143],"that":[144,150,172],"create":[146],"URLs":[149],"do":[151],"appear":[153],"HTML":[156],"page":[157],"returned":[158],"client;":[161],"services":[163],"provided":[164],"more":[168],"collaborating":[169],"sites":[171],"cross-domain":[176],"requests.":[177]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2014,"cited_by_count":2},{"year":2012,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}