http://dx.doi.org/10.7236/JIIBC.2014.14.4.57

Vulnerability Defense of On-Zeroboard using CSRF Attack  

Kim, Do-Won (Dept. of Computer & Information Communications Engineering, Hongik University)
Bae, Su-Yeon (Dept. of Computer & Information Communications Engineering, Hongik University)
An, Beongku (Dept. of Computer & Information Communications Engineering, Hongik University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.14, no.4, 2014, pp. 57-61
Abstract
Zeroboard is a public bulletin board that can support PHP and MySQL. It has been used by many people because it is easy to use, but there have been no more updates after Zeroboard4. As a result, an administrator has no recourse if Zeroboard has a vulnerability. In this paper, we discuss CSRF (Cross-Site Request Forgery), which is developed and expanded from XSS (Cross-Site Scripting). We also find CSRF attacks and suggest an alternative method using VM-ware. The main features and contributions of the proposed method are as follows. First, we construct an environment using VM-ware and other tools. Second, we analyze and prepare for vulnerabilities using a proxy server. Performance evaluation will be conducted by applying possible countermeasures.
Keywords
Zeroboard; CSRF; VM-ware;
Citations & Related Records
Times Cited By KSCI: 1