Stackle icon indicating copy to clipboard operation
Stackle copied to clipboard
verified publisher icon scorelab

Absence of Anti-CSRF Tokens

Open aravinda3001 opened this issue 4 years ago • 0 comments

Absence of Anti-CSRF Tokens

Changes proposed in the pull request

*Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable.

Impact

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim.

Other information

Reference: http://projects.webappsec.org/Cross-Site-Request-Forgery http://cwe.mitre.org/data/definitions/352.html

aravinda3001 avatar Jun 04 '21 13:06 aravinda3001