top of page
Writer's pictureprashant singh

CSRF(Cross Site Request Forgery)

Updated: Jul 6, 2018

Cross site request forgery happens in authenticated session when the server is trust on the user.

CSRF attack occurs when a malicious website, email or program is performing the unwanted action by the user on an untrusted website for which user is currently authenticated.

CSRF coming when the attacker injects the bogus referrer header. Sometimes developer not restrict the referrer header(origin and target source) on the master page or taking the default header on the page.


Defense CSRF(Cross site request forgery)

1. Check standard header to verify the request is the same origin

a. The origin request is coming from (Source origin)

b. The origin request is going to (target origin)

2. Check CSRF token

a. Validate the cookie token and form token


Configure the webSEAL to validate the referrer header incoming HTTP request

Referrer Header

<add name="Referrer-Policy" value="strict-origin" />

137 views0 comments

Recent Posts

See All

Comments


bottom of page