Network-enabled applications are applications that use communication networks to share information between various devices, each of which might be operated by the same or different user(s). The network-enabled applications include applications such as browser engines, messaging interfaces, e-mail tools, remote desktops, and the like that allow users to easily browse, select, and manipulate items being viewed using a network-enabled application. The network-enabled application receives one or more communications (such as code for instantiating webpages) from a service provider that is often encoded in the form of a language (such as the hypertext markup language HTML), which contains elements that describe the structure and functionality of the content that is received by the content user.
The networked-enabled application often involves accessing sensitive information and/or transferring various amounts of currency in computer-accessed financial accounts, for example. Thus, security features such as username/password combination verification are often used to establish a secure session between (for example) a bank and a customer of the bank who is using the networked-enabled application to access bank accounts of the customer.
However, malicious code that might be present in the network-enabled application (and/or computer upon which the network-enabled application is executing) can be used to induce unauthorized commands to be sent that attempt to exploit the security of the secure session. In a cross-site request forgery exploit for example, the trust of the user in the user's network-enabled application is exploited. The cross-site request forgery (often referred to as CSRF, XSRF, a one-click attack, “confused-deputy problem,” and/or session riding) exploit operates by inducing the browser by way of HTML or script to (usually unknowingly) access a website that a user has ready accessed (such as being logged in, having an authentication cookie set, an established session identifier, and the like).
The malicious function can be accessed by the user's browser rendering a seemingly valid element (such an image tag) that has a reference to a location that is typically inaccessible by the attacker. When the reference location is visited by the user's browser, the user's browser then executes the malicious function. The malicious function can be used to transmit a request to perform an action on behalf of the attacker using a victim user's own machine. (The performed action can include malicious activity such as transferring funds from the user's bank account to an attacker's bank account.) Thus, attackers can exploit the trust established by a requested site by way of the user's machine having been forced to by the referring site (and/or infected word processing documents, email messages and attachments, chat messages, and the like) to perform the exploit.