I've been hearing more about XSRF (cross-site request forgery) attacks. (Netflix most recently had to fix a flaw related to this.) I'm wondering how you can prevent this type of attack. Do Web application firewalls work?
I saw in a posting on a different list that someone has written a plug-in to prevent CSRF or XSRF attacks.
I wrote a small plugin for Guardian@JUMPERZ.NET(OSS WAF) to prevent CSRF attacks.
-- From Documentation --
This plugin detects and prevents CSRF(Cross Site Request Forgery) attacks.
This plugin detects CSRF attacks by doing the following.
1. Rewrites the HTTP responses. Adds unique "token"s to the each forms in the HTML pages as hidden fields.
2. Checks the HTTP requests. If the valid tokens are not found in the requests, raises alerts and blocks the requests.
This plugin only works with cookie-based session management and Basic authentication.
For more details:
Last Wiki Answer Submitted: November 6, 2006 9:12 am by MichelleDavidson110 pts.