{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T03:36:25Z","timestamp":1782876985520,"version":"3.54.5"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642035487","type":"print"},{"value":"9783642035494","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-03549-4_15","type":"book-chapter","created":{"date-parts":[[2009,7,16]],"date-time":"2009-07-16T10:05:28Z","timestamp":1247738728000},"page":"238-255","source":"Crossref","is-referenced-by-count":51,"title":["Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection"],"prefix":"10.1007","author":[{"given":"Ziqing","family":"Mao","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ian","family":"Molloy","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"15_CR1","unstructured":"The platform for privacy preferences project (p3p), http:\/\/www.w3.org\/TR\/P3P"},{"key":"15_CR2","unstructured":"The web hacking incidents database (2008), http:\/\/www.webappsec.org\/projects\/whid\/byid_id_2008-05.shtml"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Proc.\u00a0ACM Conference on Computer and Communications Security (CCS) (October 2008)","DOI":"10.1145\/1455770.1455782"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP authentication: Basic and digest access authentication. RFC 2617 (June 1999), http:\/\/www.ietf.org\/rfc\/rfc2617.txt","DOI":"10.17487\/rfc2617"},{"key":"15_CR5","unstructured":"Google. Load time analyzer 1.5, firefox add-on (March 2007), https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/3371"},{"key":"15_CR6","unstructured":"Group, N.W.: Hypertext transfer protocol \u2013 HTTP\/1.1. RFC 2616 (June 1999), http:\/\/www.ietf.org\/rfc\/rfc2616.txt"},{"key":"15_CR7","unstructured":"Hansen, R., Stracener, T.: Xploiting google gadgets: Gmalware and beyond (August 2008)"},{"key":"15_CR8","unstructured":"Higgins, K.J.: CSRF vulnerability: A \u2018sleeping giant\u2019 (2006)"},{"key":"15_CR9","unstructured":"Jackson, C.: Defeating frame busting techniques (2005), http:\/\/www.crypto.stanford.edu\/framebust\/"},{"key":"15_CR10","unstructured":"Johns, M., Winter, J.: RequestRodeo: Client side protetion against session riding. In: Proceedings of the OWASP Europe 2006 Conference (2006)"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Jovanvoic, N., Kirda, E., Kruegel, C.: Preventing cross site request forgery attacks. In: Proceedings of the Second IEEE Conference on Security and Privacy in Communication Networks (September 2006)","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"15_CR12","unstructured":"Koch, P.: Frame busting, http:\/\/www.quirksmode.org\/js\/framebust.html"},{"key":"15_CR13","doi-asserted-by":"crossref","unstructured":"Kristol, D., Montulli, L.: HTTP state management mechanism. RFC 2965 (October 2000), http:\/\/www.ietf.org\/rfc\/rfc2965.txt","DOI":"10.17487\/rfc2965"},{"key":"15_CR14","unstructured":"MSDN. Privacy in internet explorer 6, http:\/\/msdn.microsoft.com\/en-us\/library\/ms537343VS.85.aspx"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Oda, T., Wurster, G., van Oorschot, P., Somayaji, A.: Soma: Mutual approval for included content in web pages. In: Proc.\u00a0ACM Conference on Computer and Communications Security (CCS) (October 2008)","DOI":"10.1145\/1455770.1455783"},{"key":"15_CR16","unstructured":"OWASP. Top ten most critical web application security vulnerabilties. Whitepaper (2007), http:\/\/www.owasp.org\/index.php\/Top_10_2007"},{"key":"15_CR17","unstructured":"phpBB. Create communities worldwide, http:\/\/www.phpbb.com"},{"key":"15_CR18","unstructured":"Shiflett, C.: Foiling cross-site attacks (October 2001), http:\/\/shiflett.org\/articles\/foiling-cross-site-attacks"},{"key":"15_CR19","unstructured":"Shiflett, C.: Security corner: Cross-site request forgeries (December 2004), http:\/\/shiflett.org\/articles\/cross-site-request-forgeries"},{"key":"15_CR20","unstructured":"US-CERT. Cross-site request forgery (CSRF) vulnerability in @mail webmail 4.51. CVE-2006-6701 (December 2006), http:\/\/nvd.nist.gov\/nvd.cfm?cvename=CVE-2006-6701"},{"key":"15_CR21","unstructured":"US-CERT. Multiple cross-site request forgery (CSRF) vulnerabilities in phpmyadmin before 2.9.1. CVE-2006-5116 (October 2006), http:\/\/nvd.nist.gov\/nvd.cfm?cvename=CVE-2006-5116"},{"key":"15_CR22","unstructured":"US-CERT. Google gmail cross-site request forgery vulnerability. Vulnerability Note 571584 (October 2007), http:\/\/www.kb.cert.org\/vuls\/id\/571584"},{"key":"15_CR23","unstructured":"US-CERT. Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpbb 2.0.22. CVE-2008-0471 (January 2008), http:\/\/nvd.nist.gov\/nvd.cfm?cvename=CVE-2008-0471"},{"key":"15_CR24","unstructured":"US-CERT. Cross-site request forgery (CSRF) vulnerability in the Linksys wrt54gl wireless-g broadband router. CVE-2008-0228 (January 2008), http:\/\/nvd.nist.gov\/nvd.cfm?cvename=CVE-2008-0228"},{"key":"15_CR25","unstructured":"P.\u00a0W. Cross-site request forgery (2001), http:\/\/www.tux.org\/~peterw\/csrf.txt"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-03549-4_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T14:20:19Z","timestamp":1558448419000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-03549-4_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642035487","9783642035494"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-03549-4_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}