WebApp Sec mailing list archives

Re: blocking CSRF attacks

From: Paul Johnston <paj () pajhome org uk>
Date: Fri, 14 Dec 2007 18:57:11 +0000

Hi,

any one on the list aware of any IDS/IPS capable of blocking CSRF
attacks?If not, what will be the best policy to block CSRF.

The best fix is to code you application to include a random token on allforms that cause an action, and validate this when the form is submitted.

Now, I guess you're after a quick fix? One possibility is to block POSTrequests that have a referer, and the referer is not from your domain.I've not tried this, but I expect it would block most attacks withoutinterfering with legitimate traffic.

This does assume your pages that cause actions only respond to POSTrequests, which may not be true in practice.


Paul

-------------------------------------------------------------------------

Sponsored by: WatchfireMethodologies & Tools for Web Application Security AssessmentWith the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

blocking CSRF attacks Pawan (Dec 12)
- Re: blocking CSRF attacks makkalot (Dec 14)
- Re: blocking CSRF attacks Jan Heisterkamp (Dec 14)
  - Re: blocking CSRF attacks Sverre H. Huseby (Dec 15)
- Re: blocking CSRF attacks Paul Johnston (Dec 15)
  - RE: blocking CSRF attacks Boaz Shunami (Dec 19)
- <Possible follow-ups>
- Re: blocking CSRF attacks Daniel Weber (Dec 14)
- Re: FW: blocking CSRF attacks Paul Johnston (Dec 19)
  - Re: FW: blocking CSRF attacks Martin Johns (Dec 22)
  - Re: FW: blocking CSRF attacks Amit Klein (Dec 22)
  - RE: FW: blocking CSRF attacks Boaz Shunami (Dec 22)