Cross Site Request Forgery

November 14, 2021, by Ryan Barger

A CSRF vulnerability allows an attacker to social engineer an authenticated user into submitting HTTP requests the user did not intend. The server receives the covertly submitted request and processes it as though the user had sent it intentionally. The risk posed by CSRF increases if a Cross Site Scripting (XSS) vulnerability is present on the same sub-domain.

Exploitation

An attacker convinces a victim to visit a resource the attacker controls, such as a website or a URL susceptible to XSS. That resource then causes an HTTP request to be sent to an application in which the victim is already authenticated. The victim's web browser automatically attaches the session ID (SID) associated with the target website to that request. The site validates the SID successfully and then processes the attacker's malicious request.

Remediation

CSRF is mitigated with anti-forgery tokens: a unique nonce known only to the server and the authenticated user. The token is validated whenever the server receives a request from an authenticated user. Every major web framework provides a built-in mechanism for this safeguard. Server-side logic should verify that the token is valid before executing any action that changes the state of the system.
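As an added, framework-agnostic illustration (not code from the original post), the sketch below shows the token lifecycle described above: a per-session nonce is issued, and a state-changing endpoint refuses to act unless the submitted token matches it. The `session` and `form` dictionaries and the `handle_request` endpoint are assumed stand-ins for a real framework's session store and request object.

```python
import hmac
import secrets

# Methods that must never change state, so no anti-forgery token is demanded for them.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the per-session anti-forgery nonce and return it.

    The value lives server-side in the session and is rendered into the
    application's own forms; a cross-site page cannot read it.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)  # unguessable nonce
    return session["csrf_token"]


def csrf_valid(session: dict, method: str, submitted_token) -> bool:
    """Return True if the request may proceed to its state-changing logic."""
    if method.upper() in SAFE_METHODS:
        return True
    expected = session.get("csrf_token")
    if not expected or not submitted_token:
        return False  # no token issued, or none submitted: reject
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), str(submitted_token).encode())


def handle_request(session: dict, method: str, form: dict):
    """Simulated 'change e-mail' endpoint (hypothetical): validates before acting.

    Returns an (http_status, message) tuple so the outcome can be inspected.
    """
    if not csrf_valid(session, method, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    if method.upper() != "POST":
        return 405, "method not allowed"
    session["email"] = form.get("email")  # the actual state change
    return 200, "email updated"


if __name__ == "__main__":
    # Constructed walk-through: legitimate form submission vs. a forged cross-site post.
    victim_session = {}
    token = issue_csrf_token(victim_session)
    print(handle_request(victim_session, "POST", {"email": "me@example.test", "csrf_token": token}))
    print(handle_request(victim_session, "POST", {"email": "attacker@example.test"}))
```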