Showing posts from September, 2018

Cross-site Request Forgery (CSRF) protection via Synchronizer Token Patterns and Double Submit Cookies Patterns

What is Cross-site Request Forgery (CSRF)?

Cross-Site Request Forgery (CSRF) is a type of attack outlined in the OWASP Top 10 that occurs when a malicious website, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated (logged in). The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without the knowledge of the target user, at least until the unauthorized transaction has been committed. At the most basic level, the reason CSRF is possible is that browsers do not know how to distinguish whether an action was performed on purpose by a user (say, by clicking a button o...