So, I’m currently working on a hopefully bullet-proof security client system with all kinds of security added for free on GitHub -> https://github.com/BlackVikingPro/xml-client-system
I’ve come to notice that CSRF is one of the many different attacks possible on a web app such as this one..
So, I did some reading on OWASP about CSRF prevention. I didn’t really find anything helpful or learn anything
that I didn’t already know about CSRF.
My question is.. for PHP programmers.. how would an anti-CSRF system work?
I would think you can just test to see if your page is being loaded through an iframe on
a separate HTML/PHP document on a different server, then just handle that accordingly.
Though I’ve never protected something against CSRF, this would be a first time doing so :)
P.S. I saw some things on DVWA (Damn Vulnerable Web App) that protect against CSRF.. Would this be what I should do?
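
The per-session token check that OWASP's CSRF guidance describes (the synchronizer token pattern), sketched in PHP as an added example that is not part of the original post or the linked project. The function names are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
declare(strict_types=1);
// Added example: synchronizer-token CSRF check. All function names are hypothetical.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every state-changing form the site renders.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// True only if the request carries the same token that is stored in the session.
function csrf_verify(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false; // no token issued yet, or array-typed input
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo data: arrays standing in for $_SESSION and $_POST.
$session = [];
echo csrf_field($session), PHP_EOL;

// Form rendered by the site itself: carries the session's token.
$ownForm = ['action' => 'delete', 'csrf_token' => $session['csrf_token']];
// Form submitted from another origin: the browser sends the session cookie,
// but the other site cannot read the token, so the field is absent.
$foreignForm = ['action' => 'delete'];
// Malformed input: token field sent as an array.
$malformed = ['action' => 'delete', 'csrf_token' => ['x']];

var_dump(csrf_verify($session, $ownForm));
var_dump(csrf_verify($session, $foreignForm));
var_dump(csrf_verify($session, $malformed));
```

In a real page, call `session_start()` first, pass `$_SESSION` and `$_POST` to these functions, and reject the request (for example with HTTP 403) before any state change when `csrf_verify()` returns false.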