Thursday

What is CSRF and How to Prevent It?

🦠 Cross Site Request Forgery (CSRF) 🦠


◾️  In a CSRF attack, a user logs into a web application and then, while still logged in, visits a malicious site that hosts the attack code. That code causes the victim's browser to send a request to the application, and because the browser automatically attaches the victim's authentication cookies, the application cannot distinguish the forged request from a legitimate one. A CSRF attack is easy to set up and hard to detect, and may be used to change account details or perform financial transactions on the victim's behalf.

The good news is that CSRF can be prevented with a CSRF token. This common application security measure attaches an unpredictable value (the CSRF token) to each state-changing request so that the server can confirm the request originated from its own pages. The server must verify that every sensitive HTTP request carries the correct CSRF token and reject any request that does not. ◾️

🦠 How to prevent it? 🦠


◾️  Well, we can use anti-forgery tokens. Anti-forgery tokens are typically (strongly) random values that are written into a hidden form field and, at the same time, stored either in a cookie or in the server-side session. On each inbound request the server compares the token submitted with the form against the stored value. Only if the two values are identical does the server accept the request as valid. ◾️
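The two variants described above (token kept in the server-side session, or token kept in a cookie and compared with the form field) in working code. This is an added example written for this post, not code from the original author; the in-memory session store, the `Request` class and the `/transfer` handler are assumptions constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical in-memory session store (constructed for this example).
# A real application would use its framework's session mechanism.
SESSIONS = {}


def create_session() -> str:
    """Log a user in: create a session and bind a fresh, unpredictable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_form(sid: str) -> str:
    """Write the session's CSRF token into a hidden form field on the page."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def handle_transfer(req: Request) -> tuple:
    """Variant 1: synchronizer token. Compare the submitted token with the one in the session."""
    if req.method != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return 401, "not logged in"
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so a forged request cannot learn the token byte by byte.
    if not hmac.compare_digest(session["csrf_token"], submitted):
        return 403, "invalid CSRF token"
    return 200, "transfer accepted"


def handle_transfer_double_submit(req: Request) -> tuple:
    """Variant 2: double-submit cookie. The token lives in a cookie and must be echoed in the form."""
    if req.method != "POST":
        return 405, "method not allowed"
    if "session" not in req.cookies or req.cookies["session"] not in SESSIONS:
        return 401, "not logged in"
    cookie_token = req.cookies.get("csrf", "")
    submitted = req.form.get("csrf_token", "")
    if not cookie_token or not hmac.compare_digest(cookie_token, submitted):
        return 403, "invalid CSRF token"
    return 200, "transfer accepted"


if __name__ == "__main__":
    sid = create_session()
    token = SESSIONS[sid]["csrf_token"]
    # Legitimate submission from the application's own form.
    print(handle_transfer(Request("POST", {"session": sid}, {"csrf_token": token, "amount": "10"})))
    # Cross-site request: the browser attaches the session cookie, but the attacker's page
    # cannot read the token, so the form field is missing and the request is rejected.
    print(handle_transfer(Request("POST", {"session": sid}, {"amount": "10"})))
```

The reason the check works is visible in the last call: a cross-site page can make the browser send the cookie, but it cannot read the hidden field or the `csrf` cookie from the application's origin, so it cannot supply a matching token. `hmac.compare_digest` is used instead of `==` so that the comparison time does not depend on how many leading bytes of the token the submitted value gets right.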

🦠 @HashBrownie123 🦠
