Read PDF

Protect Against CSRF with Form Tokens

Details

CSRF (Cross-site Request Forgery) relies on known or predictable form values and a logged-in browser session.

Remediation

Each form submission should contain a token which was loaded with the form or at the beginning of a user session. Check this token on the server when receiving POST requests to ensure the user originated it. This capability is provided with major web platforms and can be implemented on forms with minimal custom development.

References

CWE/OWASP

results matching ""

    No results matching ""