11)Consider the following CSRF attack: ww.attacker.com GET /blog HTTP/1.1 POST /transfer HTTP/1.1 Referer: http://www.attacker.com/blog recipient attacker&amount $100 Cookle: SessionID=523FA4cd2E HTTP/1.1 200 OK Transfer completel www.bank.com a. One possible defense that the bank could adopt to block the attack above is to check the referer to ensure that it comes from the bank. Describe a plausible situation where this defense would NOT work. b. Describe a more robust defense that the bank could adopt to block the CSRF attack without experiencing the limitation identified in part (a), and explain how it would block the attack.

11)Consider the following CSRF attack: ww.attacker.com GET /blog HTTP/1.1 POST /transfer HTTP/1.1 Referer: http://www.attacker.com/blog recipient attacker&amount $100 Cookle: SessionID=523FA4cd2E HTTP/1.1 200 OK Transfer completel www.bank.com a. One possible defense that the bank could adopt to block the attack above is to check the referer to ensure that it comes from the bank. Describe a plausible situation where this defense would NOT work. b. Describe a more robust defense that the bank could adopt to block the CSRF attack without experiencing the limitation identified in part (a), and explain how it would block the attack.

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Related questions

Q: 1.To defeat XSS attacks, a developer decides to implement filtering on the browser side. Basically,…

A: XSS is a client-side vulnerability that targets other application users, and SQL injection is a…

Q: Give three different techniques that an attacker can use to make a victim send DNS requests to…

Q: Provide justification for the insecure nature of the following URLs and a strategy for shoring them…

A: Let's check out the answer. Linking to an unsafe domain may expose you to malicious content such as…

Q: Describe the reasons behind the following URLs' insecurity and what you propose to do to make them…

A: The purpose of routing protocols is to build steering tables, make steering decisions, and become…

Q: When web clients want access to protected resources on a web server, native authentication and…

A: Introduction: Layering network protocols and services simplifies networking protocols by dividing…

Q: List the Server-Client dialog to show the sequence of SMTP messages for sending an email from…

A: The Simple Mail Transfer Protocol (SMTP) is a communication protocol for electronic mail…

Q: 1. Cross-site Request Forgery Attacks Cross-site request forgery (CSRF), a.k.a "session riding"…

A: Answer: Cookies store the client data to enable a personalized experience for the website's users.…

Q: Using the following snort rule as a model, write a Snort rule which will detect your action of…

A: a situation where Snort generates an alert in the absence of a threat, malicious code or an…

Q: Explanation of how to implement native authentication and authorization services for gaining access…

A: Here's how to solve it: Here are the safety measures that are in place: New long-playing record…

Q: Web clients must utilize the web server's built-in authentication and authorization services before…

A: Introduction: Web server security is of utmost importance to protect sensitive data from…

Q: For the RogueRaticate malware, please write a short paragraph based on the given background and…

A: The RogueRaticate malware, identified as FakeSG, represents a sophisticated cyber threat that…

Q: Demonstrate the step-by-step implementation of native authentication and authorization services when…

A: Introduction: You may use Web Client to perform asynchronous non-blocking requests and compose them…

Q: Consider the following threats to Web security and describe how each is countered by a particular…

A: SSL (Secure Sockets Layer) is a protocol that provides secure communication over the internet. SSL…

Q: 15) If the form is submitted via GET request using HTTP, can a browser adversary (i.e., one who can…

A: Introduction: HTTP (Hypertext Transfer Protocol) is a protocol used for transferring data over the…

Q: w: WebBrowser :WebServer :VideoServer ickOnlink(v) processURL_Request(w, v) playVideo(w, v)…

A: The detailed of each function is below:

Q: Activity 5.3: Remediate a Vulnerability for JQuery 1.2 < 3.5.0 Multiple XSS

A: According to the self-reported version in the script, the version of jQuery hosted on the remote web…

Q: Write a simple javascript login page with password validation logic.

A: Simple JavaScript login page using password validation logic . Page is designed using HTML and CSS

Q: Describe the reasons behind the following URLs' insecurity and what you propose to do to make them…

A: The purpose of routing protocols is to build steering tables, make steering decisions, and become…

Q: Describe the reasons behind the following URLs' insecurity and what you propose to do to make them…

A: The purpose of routing protocols is to acquire knowledge of the available routes that already exist…

Q: In the event that a web client needs access to protected web server resources, you should…

A: The implementation of layered protocols becomes a viable option for implementing native…

Q: 101 Ram 10000 ram@gmail.com 102 Dinesh 20000 dinesh@gmail.com

A: XSD explains the way to officially define content in Extensible terminology (XML) text. We have to…

Q: Is there any way to lessen the load that page table shadowing puts on the server?

A: In this question we have to understand Is there any way to lessen the load that page table shadowing…

Q: Explanation of how to implement native authentication and authorization services for gaining access…

A: Authentication: Verifying an entity's identity is the goal of authentication. The process of…

Concept explainers

VLAN

VLAN stands for Virtual Local Area Network, and it is created from one or more local area networks. A Virtual Local Area Network (VLAN) is a customized network made up of one or more LANs. It allows a set of devices from different networks to be converted into a single logical network. As a result, a virtual LAN that is managed similarly to a physical LAN emerges.

Question

11) Consider the following CSRF attack:
ww.attacker.com
GET /blog HTTP/1.1
<form action=https://www.bank.com/transfer
method-POST target-invisibleframe>
<input name recipient value-attacker>
<input name amount value-$100>
</form>
<script>document.forms[0].submit()</script>
POST /transfer HTTP/1.1
Referer: http://www.attacker.com/blog
recipient attacker&amount $100
Cookie: SessionID=523FA4cd2E
HTTP/1.1 200 OK
Transfer complete!
T
www.bank.com
a. One possible defense that the bank could adopt to block the attack above is to check the referer
to ensure that it comes from the bank. Describe a plausible situation where this defense would NOT
work.
b. Describe a more robust defense that the bank could adopt to block the CSRF attack without
experiencing the limitation identified in part (a), and explain how it would block the attack.

Expert Solution

This question has been solved!

Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.

SEE SOLUTION Check out a sample Q&A here

Step 1

Answer-a

Answer-a

Answer-b

Step by step

Solved in 4 steps

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.

Similar questions

Provide justification for the insecure nature of the following URLs and a strategy for shoring them up:
Demonstrate how native authentication and authorization services are utilized when a web client requests access to a web server's protected resources. The simplest way to address this issue is to examine the following two explanations for layered protocols: Please provide specific instances to back up your claims.
Describe the reasons behind the following URLs' insecurity and what you propose to do to make them more secure.
Show how to implement native authentication and authorization services when a web client wants access to protected web server resources. Which two parameters support layered protocols? Give examples to back up your point.
An XSS attack requires a website meets two criteria: a. Web browser should have support JavaScript and accept user inputs. b. Accepts user input without validating it and SQL database should be running in the back-end. c. Accepts user input without validating it and construct the response based on user input. d. All of them