Kajian Keamanan Aplikasi Web Berbasis AJAX Terhadap Serangan Cross Site Request Forgery (CSRF)
https://doi.org/10.36342/teika.v2i2.124
Abstract
Indonesian abstract (translated)
The use of web-based applications is commonplace today. Application developers who prioritise speed and good interaction with the user build their web applications with AJAX. There are many kinds of attack against AJAX-based web applications; one of them is Cross-Site Request Forgery (CSRF). Although CSRF can also be used against web applications that are not AJAX-based, against AJAX-based web applications the attack has a greater chance of success because of the nature of AJAX-based applications themselves. This paper explains how a CSRF attack works against web applications in general and against applications that use AJAX in particular. The discussion covers the conditions under which a CSRF attack is possible and how to prevent it, and includes a simple example consisting of code that is vulnerable to CSRF together with the corresponding countermeasure.
English abstract
The use of web-based applications is commonplace nowadays. Application developers who focus on speed and good user interaction use AJAX in their web application development. There are many kinds of attack on web-based applications; one of them is Cross-Site Request Forgery (CSRF). Even though CSRF does not only target AJAX-based web applications, against web applications that use AJAX the attack has a higher probability of success. This paper explains how the CSRF attack works on web-based applications in general and on AJAX-based applications in particular. It covers the conditions under which a CSRF attack is possible and how to prevent it, and includes an example of vulnerable code together with the fix.
References
Secure Enterprise 2.0 Forum (2009). Top Web 2.0 Security Threats. http://www.secure-enterprise20.org
Shiflett, Chris (2004). Security Corner: Cross-Site Request Forgeries. USA: php|architect.
Barth, Adam; Jackson, Collin; Mitchell, John C. (2008). Robust Defenses for Cross-Site Request Forgery.
Grossman, Jeremiah. Google YouTube crossdomain Security Flaw.
Acunetix (2009). Are AJAX Applications Vulnerable to Hack Attacks? http://www.acunetix.com/websitesecurity/ajax.htm
Hoffman, Billy; Sullivan, Bryan (2007). Ajax Security. USA: Addison-Wesley Professional.
Babin, Lee (2007). Beginning Ajax with PHP: From Novice to Professional. USA: Apress.
Shah, Shreeraj (2007). Web 2.0 Security: Defending Ajax, RIA, and SOA. USA: Charles River Media.
Wells, Christopher (2007). Securing Ajax Applications: Ensuring the Safety of the Dynamic Web. USA: O'Reilly Media, Inc.
License
The submitting author warrants that the submission is original and that she/he is the author of the submission together with the named co-authors; to the extent the submission incorporates text passages, figures, data or other material from the work of others, the submitting author has obtained any necessary permission.
Articles in this journal are published under the Creative Commons Attribution-ShareAlike licence (CC BY-SA). This gives readers more legal certainty about what they can do with published articles, and thus wider dissemination and archiving, which in turn makes publishing with this journal more valuable for you, the authors.
By submitting an article the author grants this journal the non-exclusive right to publish it. The author retains the copyright and the publishing rights for the article without any restrictions.