Protect Against CSRF with Form Tokens

Details

CSRF (Cross-Site Request Forgery) succeeds when a third-party site can cause a victim's browser to submit a request whose form fields are all known or predictable, and the browser automatically attaches the victim's logged-in session cookie, so the application cannot tell the forged request from a legitimate one.

Remediation

Each form submission should carry a secret, unpredictable token that was issued either with the form itself or at the start of the user's session and stored server-side. On every state-changing (POST) request, compare the submitted token with the stored one and reject the request if it is missing or does not match; a page on another origin cannot read the token, so it cannot construct a valid request. Major web frameworks provide this as built-in middleware or form helpers, and it can be added to existing forms with minimal custom development.

References

CWE/OWASP