As asynchronous (Ajax-style) web application development has grown, cross-site scripting (XSS) exploits have grown with it. As such, it's important that we, as developers, safeguard our applications to prevent such exploits.
Of course, XSS isn't the only thing we have to worry about: there is also cross-site request forgery (CSRF).
Simply put, a CSRF attack tricks the browser of a user whom the site trusts (typically one holding a live session cookie) into sending a request that user never intended, and the site carries it out because the cookie makes the request look legitimate.
Chris Shiflett recently blogged a great article explaining CSRF, with an example application and how to safeguard against it, all of which includes sample code.
CSRF attacks are very dangerous, and most applications that do not take specific steps to prevent CSRF attacks are vulnerable. Because the requests originate from the victim, it is possible for an attacker to target sites that only the victim can access, such as ones on a local network.
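To make the attack and the usual defence concrete, here is an added example (not code from this post or from Chris Shiflett's article) in Python rather than PHP. It models a "transfer money" handler twice: once with no CSRF protection, where any request carrying the victim's session cookie is honoured, and once using the synchronizer-token pattern, where the server mints a random token, stores it in the session, embeds it in the form it renders, and refuses a POST whose token does not match. The session store, handler names and form fields are all invented for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store for this example. A real application
# keeps this server side (PHP's $_SESSION, a database-backed store, etc.).
SESSIONS: dict[str, dict] = {}


def login(session_id: str, user: str) -> None:
    """Create a session for a user who has already authenticated."""
    SESSIONS[session_id] = {"user": user}


def transfer_vulnerable(session_id: str, form: dict) -> str:
    """Handler with no CSRF defence.

    The only thing it checks is the session cookie, which the browser attaches
    automatically, so a POST launched from an attacker's page is indistinguishable
    from one the victim submitted on purpose.
    """
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 not logged in"
    return f"transferred {form['amount']} to {form['to']} as {session['user']}"


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: a random, per-session secret the attacker's page
    cannot read because the same-origin policy keeps our HTML from it."""
    token = secrets.token_hex(32)
    SESSIONS[session_id]["csrf_token"] = token
    return token


def render_transfer_form(session_id: str) -> str:
    """Render the form with the token in a hidden field. The token is hex, so
    it needs no HTML escaping; user-supplied values would."""
    token = issue_csrf_token(session_id)
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def transfer_protected(session_id: str, form: dict) -> str:
    """Same handler, but the POST must carry the token stored in the session."""
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 not logged in"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences.
    if expected is None or not hmac.compare_digest(expected, supplied):
        return "403 csrf token missing or invalid"
    return f"transferred {form['amount']} to {form['to']} as {session['user']}"


def forged_request() -> dict:
    """What an attacker's auto-submitting form sends: the browser adds the
    victim's cookie, but the attacker has no way to know the token."""
    return {"to": "mallory", "amount": "500"}


if __name__ == "__main__":
    login("sess-victim", "alice")
    print(transfer_vulnerable("sess-victim", forged_request()))  # succeeds
    print(render_transfer_form("sess-victim"))
    print(transfer_protected("sess-victim", forged_request()))   # rejected
    tok = SESSIONS["sess-victim"]["csrf_token"]
    print(transfer_protected("sess-victim", {"to": "bob", "amount": "10", "csrf_token": tok}))
```

The forged request is rejected not because it looks different on the wire, but because the attacker cannot obtain the token: it is only ever delivered inside a page served to the victim, and the same-origin policy stops the attacker's page from reading that HTML. If a site also has an XSS hole, that isolation breaks and the token can be stolen, which is why the two issues are worth fixing together. Rotating the token per form or giving it an expiry, as Shiflett's article does, tightens this further.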
I highly recommend this article for anyone involved in web application development – especially those working with user sessions, cookies, authorization, etc.