Posts

Cross-site Request Forgery Protection in web application via Synchronizer Token Pattern

Even the most experienced CIOs (Chief Information Officers) and web security experts need to protect themselves against attackers. So not only they, but all of us, need to know about the security vulnerabilities found in web applications in order to protect ourselves from them. There are many security vulnerabilities in web applications, such as SQL Injection, Cross-Site Scripting, Broken Authentication and Session Management, Insecure Cryptographic Storage and Cross-Site Request Forgery. In this blog, I am going to briefly describe the Cross-Site Request Forgery attack and how we need to protect our web applications using the Synchronizer Token Pattern and the Double Submit Cookies Pattern. First, let's see what is meant by a Cross-Site Request Forgery (CSRF) attack. CSRF is an attack, and the expanded form of the name is "Cross Site Request Forgery...

Cross-site Request Forgery Protection in web application via Double Submit Cookies Pattern

In the previous blog, I wrote about Cross-site Request Forgery (CSRF) attacks and how to protect a web application from a CSRF attack using the Synchronizer Token Pattern. In this blog I am going to write about the Double Submit Cookies Pattern, which also helps to prevent CSRF attacks. This is another way to implement Cross-Site Request Forgery protection. Earlier, in the Synchronizer Token Pattern, there is only one cookie on the client side, which is known as the "Session Cookie". But in the Double Submit Cookies Pattern there are two cookies, namely the "Session Cookie" and the "csrf Cookie". There is also another difference between the Synchronizer Token Pattern (STP) and the Double Submit Cookies Pattern: the STP has a thick server and a thin client, but in the Double Submit Cookie Pattern there is a thin server and a th...