OWASP Top 10 for .NET developers part 5: Cross-Site Request Forgery

added by troyhunt
11/2/2010 6:58:14 AM

1 Kicks, 299 Views

If you’re anything like me, your browser tab bar is probably flush with a bunch of different sites, all of which you’re presently authenticated to and all sitting idly by waiting for your next HTTP instruction to update your status, accept your credit card or email your friends. And then there are all those sites which, by virtue of the ubiquitous “remember me” checkbox, don’t appear open in any browser sessions yet remain willing and able to receive instruction on your behalf. This post looks at securing your .NET code against the risk of CSRF attacks on authenticated web applications.