
If you were a site administrator looking for incoming CSRF attacks, what would you look for?

Question added by JONATHAN VIRAY , Technical Consultant , EUROTECHME
Date Posted: 2013/10/23
by Deleted user

Normally, you wouldn't know if the incoming request is a CSRF attack or not, because in both cases they would look the same except that the CSRF is sent without the user's consent. BUT if your page contains some kind of a "challenge", like a gotcha for instance, then you would be sure that the user himself/herself made the request "knowingly".

So if you were a site administrator, look for critical pages and add a challenge there to protect your users.
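
One form the "challenge" described in the answer above can take is a per-session token that only a page served by the site itself can include in the request. The sketch below is an added example, not part of the original answer; the critical paths, the `csrf_token` field name and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Mapping, Optional, Tuple

# Assumed for this example: a server-side secret and the pages treated as critical.
SERVER_KEY = secrets.token_bytes(32)
CRITICAL_PATHS = {"/account/email", "/transfer"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(session_id: str) -> str:
    """Token the site embeds in the forms it serves to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def challenge_ok(session_id: str, token: Optional[str]) -> bool:
    """True only if the token was issued by this server for this session."""
    if not token or "." not in token:
        return False
    nonce, _, sent_mac = token.partition(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(expected.encode(), sent_mac.encode("utf-8", "replace"))


def handle(method: str, path: str, session_id: str,
           form: Mapping[str, str]) -> Tuple[int, str]:
    """Return (status, note). A forged cross-site request carries the session
    cookie but not the token, so it is rejected here; these rejections are the
    events an administrator can log and review."""
    if method.upper() in STATE_CHANGING and path in CRITICAL_PATHS:
        if not challenge_ok(session_id, form.get("csrf_token")):
            return 403, "challenge missing or invalid"
    return 200, "ok"


if __name__ == "__main__":
    sid = "session-A"  # constructed sample session identifier
    good = issue_challenge(sid)
    print(handle("POST", "/transfer", sid, {"csrf_token": good}))
    print(handle("POST", "/transfer", sid, {}))
```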
