Secure Software Systems

What is CSRF - Cross Site Request Forgery  When an unwanted action is forced to perform on a trusted site which the user is currently authenticated to , it's called a CSRF. What is a double submit cookie pattern and how it works Basically, there are are two patterns for stopping CSRF attacks: Double-Submit Cookie and Synchronizer Token. Lets see how Double Submit Cookie Pattern works! It works like this. If a view is protected against CSRF, when the view responds to any petition whose request method is “unsafe”, e.g. POST , PUT , and DELETE , it requires a csrfmiddlewaretoken to be passed in the request payload. It checks the value of this token against the csrftoken , a cookie which is also passed along with the request. If they don’t have the same value, the request is rejected. The key here is that the browser passes two tokens in the request which must have the same value. The csrfmiddlewaretoken , in the request body, and the csrftoken in the c...

The number of cyber attacks increase enormously each day. Therefore security is a must. If you web application is not protected, it might be vulnerable to CSRF or Cross Site Request Forgery. What is Cross Site Request Forgery? When an unwanted action is forced to perform on a trusted site which the user is currently authenticated to , it's called a CSRF. How to protect from CSRF. To apply this protection against a CSRF scenario, we should have a web application. Suppose we have the server side and the client side of the web app as server.php and index.php in order. First of all we sould create a session in the client side and set a cookie to store the session id. The cookie will be used for validating the token when we go along the process. Now when we run the client side, we get a session for the user and the ID will be saved under the sessionID variable. Now all we want is a CSRF Token. this should be saved in the server side of the web application. ...