Trending Application Security Discussions

How do you protect your application from Cross-Site Request Forgery (CSRF)?‎

What products and scanners have you used successfully for detection and remediation of CSRF?‎

How relevant is ISO270001 for an IT auditor containing CISA designation?‎

While running a security application, user refreshed the page. The page shows session expired and shows a link for login. Is the application secure?‎

What are the most important steps you would recommend for securing a new web server?‎

 

Answer added by  Deleted user
10 years ago

1- Request confirmations to the user for critical actions, the risk of burdening the sequence of forms. 2- Request confirmation of the old password for the user to change ... See More

 

Answer added by  Mian Muhammad Naeem Jan, Chief Finance Officer, Sidra Events Management Company Ltd
10 years ago

Agree with Iqbal Bhai

 

Answer added by  Prashant Soni, Module Lead, Persistent Systems Ltd.
10 years ago

Anti-forgery tokens work because the malicious page cannot read the user’s tokens, due to same-origin policies. To prevent CSRF attacks, use anti-forgery tokens with any ... See More

 

Answer added by  Rameez Ahmed Sayad, .Net Consultant, Proximus Luxembourg
10 years ago

The simplest method is to use AntiForgery token , the antiforgery token should comprise of a Salt (which needs to be changed regularly) , some User specific data(username ... See More

 

Answer added by  Anil Yadav, Manager - Group Internal Audit, Kotak Mahindra Bank
3 years ago

Yes it is secure as it is asking you to re enter your credentials

 

Answer added by  Mohamed sayed, Senior Information Security consultant, SecureMisr
7 years ago

1-Using unpredictable random Anti-forgery tokens 2-Using samesite flag in cookies 3-avoid using HTTP GET requests in sensitive actions