Cross-site Request Forgery Protection in Web Applications via Double Submit Cookies

-

When a user logs in to a web application the site generates a random value and sets it as a cookie. A double submit cookie sends this value as a cookie but also as a request parameter. The server then confirms that the cookie value and the request parameter value match before executing a transaction request. An attacker can not change a cookie value with a CSRF attack, so even if the request parameter is manipulated the malicious request will not execute.


You can get a sample login page from herehttps://github.com/csandeepa/CSRF-double-submit-cookies

Once you run the code you can see a login page like this.


The initial page is index.php. here is how it looks like.


The login form is created using basic html codes. the form submission method is POST. and also here you can see session generation and validation of login credentials codes written in php.




After successfully logged in, the user is redirected to the update.php page.There is a function to get cookie value.


Here is the way of implementing double submit cookies for a login. CSRF prevention is really important for security of a website.

~CS

Comments

Post a Comment

If you got something from my writings, just put your thoughts out to words...

Popular posts from this blog

Best Ways to Make Money Online 2019

-
Image
This guide shows the best ways to make money on the internet. These methods are now very popular because you can make money online with less time and effort. However there is no way to earn money quickly but if you can try hard, you'll be able to get extra money. Start your own website or blog and connect with advertising If you need to earn money online, create your own blog or website first. If you're a student or you're away from school one of the best things you can do is start a blog and put your cv on it. Getting a blog is great if you're applying for a job, and it really helps you stand out from the crowd. You can easily start a blog using Google Blogger or Wordpress. Blogger by Google:  https://www.blogger.com/ WordPress:  https://wordpress.com/ By putting pay-per-click ads like Google Adsense, you can earn money with a website. It's going to take a while to start making money. Next, on your blog, you need to have interesting content. You'...
Read more

Cross-site Request Forgery Protection in Web Applications via Synchronizer Token

-
Image
What Is CSRF? Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and user. It can result in damaged client relationships, unauthorized fund transfers, changed passwords and data theft—including stolen session cookies. CSRFs are typically conducted using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it’s impossible to distinguish a legitimate request from a forged one. Implement Synchronizer Tokens Synchronizer tokens are often referred to as “challenge” tokens. These challenge tokens are included within an HTML form and associated with sensitive server-side tasks. When a user wants to...
Read more

Amazing Places To Visit In The World

-
Image
The world we live in is full of wonderful things. It would be a beautiful experience to see all those wonderful things. So this article is to show you about such wonderful areas in the world. So you can see it with your family while on vacation. Spain Nobody can get over the excitement of celebrating Christmas in Spain. Whether it's bright lighting, shopping, festive avenues, everything, Spain's all-in-one destination for this December. Spain is one of the warmest countries in Europe. The winters here are milder, but they still have warm clothes and a jacket. Take a walk through Gran Via and enjoy the bright decor. Don't forget the fine wines and tapas from San Anton Market! Talented Spanish artist Gaudi's masterpiece work is much more appreciable. He embellished the city, Barcelona with many beautiful buildings, including the massive Roman Catholic Church, La Sagrada Familia. Costa Rica There are a number of destinations in Costa Rica that you can't c...
Read more