How to prevent XSRF attacks

pts.
Tags:
Access control
Application security
Browsers
Database
Encryption
filtering
Instant Messaging
Microsoft Exchange
Secure Coding
Servers
SSL/TLS
Web security
I've been hearing more about XSRF (cross-site request forgery) attacks. (Netflix most recently had to fix a flaw related to this.) I'm wondering how you can prevent this type of attack. Do Web application firewalls work?

Answer Wiki

Thanks. We'll let you know when a new response is added.

I saw in a posting on a different list that someone has written a plug-in to prevent CSRF or XSRF attacks.

Kanatoko wrote:
I wrote a small plugin for Guardian@JUMPERZ.NET(OSS WAF) to prevent CSRF attacks.

— From Documentation —
This plugin detects and prevents CSRF(Cross Site Request Forgery) attacks.

This plugin detects CSRF attacks by doing the following.

1. Rewrites the HTTP responses. Adds unique “token”s to the each forms in the HTML pages as hidden fields.

2. Checks the HTTP requests. If the valid tokens are not found in the requests, raises alerts and blocks the requests.

This plugin only works with cookie-based session management and Basic authentication.
—-

For more details:

http://guardian.jumperz.net/manual/en/body118.html

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following