Abstract :

Cross-Site Request Forgery (CSRF) Is A Severe Web Application Vulnerability By Which Attackers Can Force An Unthinking Authenticated Victim To Perform Some Unwanted Actions. Classic Methods Recognize CSRF Vulnerabilities Either From Source Code Or Through Heavy Manual Work And Are Hence Unfavorable For The Scale And Real-time Detection. To Tackle These Issues, We Present SECUREWEB, A Machine-Learning-based Framework Designed To Identify CSRF Vulnerabilities Automatically Using Black-box Scanning. SECUREWEB Houses Two Simple-to-use Modules For Administrators And End-users, Allowing URL Scanning, Machine Learning Model Training, And On-the-fly Classification Of Vulnerabilities. Under The Hood, The Engine Mitch Extracts Essential Features From HTTP Requests, Such As Request Methods, The Presence Of AntiCSRF Tokens, Header Information, And So Forth, And Runs Bayesian-supervised Dictation With Random Forest, Decision Tree, SVM, And NaïveBayes. This System Has Been Implemented In Python, With Django Acting As The Backend, And MySQL Utilized As The Data Store, Which Provides A Smooth And Reactive User Experience. Experimental Results Show 35 New CSRF Vulnerabilities Were Found By SECUREWEB In Major Websites And Additional Three In Production Software. It Performs Well In Terms Of Accuracy And Other Classification Metrics In Different Testing Scenarios. SECUREWEB Appears Thus As A Scalable, Automated, And Intelligent Means Of Protecting Web Applications From CSRF Attacks, Even When The Source Code Is Not Available. Keywords : Machine Learning, Web Security, Vulnerability Detection, Black-Box Scanning, HTTP Request Analysis, Random Forest.

Published:

09-6-2025

Issue:

Vol. 25 No. 6 (2025)

Page Nos:

425-430

Section:

Articles

License:

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

How to Cite