Web Vulnerability Detection: The Case of Cross-Site Request Forgery Using Classification and Regression Trees

In the world of hacking, one of the simple and human-understandable web attacks is Cross-Site request forgery, but this is the most top priority attack that needed to handle with keen observation because of the very small difference in their appearance. A hacker develops a cross-site application that looks similar to the original site and embeds this URL in either back transactions or E-commerce applications, it misleads the user to deviate from the original website without his notice by disabling all the authentication mechanisms. The hackers develop this type of cross website by embedding the SQL injection queries either in HTML navigation pages or while executing the external Java Scripts. To develop a solution for this type of attack, the system needs a tool that balances both scalability and usability because of millions of users working with the internet to performs various tasks on social media platforms. This tool can also isolate web attacks by designing robust web applications which include advanced encryption algorithms, which require a lot of effort to decrypt the source code. The developers of the website have to work a lot to take care of the security functionalities, negligence of which may cost the website source code to be hacked. Accidentally, Cross-Site request forgery (CSRF) attacks can be left behind, which motivated recent research on asynchronous Cross-Site request forgery detection. The proposed paper uses the Classification and Regression Trees (CART) Algorithm to detect phishing websites based on the URL posted.