-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathcsrf.theory.txt
25 lines (20 loc) · 1.38 KB
/
csrf.theory.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
┏━━━━━━━━━━┓
┃ CSRF ┃
┗━━━━━━━━━━┛
CSRF ==> #Cross-Site Request Forgery
#Also called XSRF
#An ORIGIN performs command on another ORIGIN, using its cached confidential data (e.g. cookies)
#Preventions:
# - SOP
# - not keeping confidential data client-side
# - e.g. never caching login credentials
# - CSRF token
# - SameSite cookies (see its doc)
LOGIN CSRF ==> #CSRF accessing authentication data
CSRF URL ==> #CSRF with a GET request, i.e. can be triggered from clicking a URL
#Prevention: no side-effects with GET
CSRF TOKEN ==> #Nonce sent by server to client to authenticate next request[s]
#Also called synchronizer|challenge token
#This reduces CSRF risk since attacker must know CSRF token too
X-CSRF-Token: STR [S]
X-XSRF-Token: STR [S] #Common name for CSRF token