Enjoy 20% off all plans by following us on social media. Check out other promotions!
Quiz Questions

Explain the concept of Cross-Site Request Forgery (CSRF) and its mitigation techniques

Topics
JAVASCRIPTNETWORKSECURITY
Edit on GitHub

TL;DR

Cross-Site Request Forgery (CSRF) is an attack where a malicious website tricks a user's browser into making an unwanted request to another site where the user is authenticated. This can lead to unauthorized actions being performed on behalf of the user. Mitigation techniques include using anti-CSRF tokens, SameSite cookies, and ensuring proper CORS configurations.

Cross-Site Request Forgery (CSRF) and its mitigation techniques

What is CSRF?

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious website causes a user's browser to perform an unwanted action on a different site where the user is authenticated. This can lead to unauthorized actions such as changing account details, making purchases, or other actions that the user did not intend to perform.

How does CSRF work?

  1. User authentication: The user logs into a trusted website (e.g., a banking site) and receives an authentication cookie.
  2. Malicious site: The user visits a malicious website while still logged into the trusted site.
  3. Unwanted request: The malicious site contains code that makes a request to the trusted site, using the user's authentication cookie to perform actions on behalf of the user.

Mitigation techniques

Anti-CSRF tokens

One of the most effective ways to prevent CSRF attacks is by using anti-CSRF tokens. These tokens are unique and unpredictable values that are generated by the server and included in forms or requests. The server then validates the token to ensure the request is legitimate.

<form method="POST" action="/update-profile">
  <input type="hidden" name="csrf_token" value="unique_token_value" />
  <!-- other form fields -->
  <button type="submit">Update Profile</button>
</form>

On the server side, the token is validated to ensure it matches the expected value.

SameSite cookies

The SameSite attribute on cookies can help mitigate CSRF attacks by restricting how cookies are sent with cross-site requests. The SameSite attribute can be set to Strict, Lax, or None.

Set-Cookie: sessionId=abc123; SameSite=Strict
  • Strict: Cookies are only sent in a first-party context and not with requests initiated by third-party websites.
  • Lax: Cookies are not sent on normal cross-site subrequests (e.g., loading images), but are sent when a user navigates to the URL from an external site (e.g., following a link).
  • None: Cookies are sent in all contexts, including cross-origin requests.

CORS (Cross-Origin Resource Sharing)

Properly configuring CORS can help prevent CSRF attacks by ensuring that only trusted origins can make requests to your server. This involves setting appropriate headers on the server to specify which origins are allowed to access resources.

Access-Control-Allow-Origin: https://trustedwebsite.com

Further reading

Edit on GitHub
Previous
Next