Nexusguard Blog

Nexusguard Product
October 29, 2020

Validation of HTTP/S Requests using CSRF Tokens

Cross-site Request Forgery (CSRF, also written XSRF and occasionally called "Sea Surf") is an attack in which an attacker causes an authenticated user's browser to submit a request to a web application that the user is currently logged in to. CSRF exploits the trust the application places in any request that arrives with a valid session. The attacker's aim is to make the victim perform state-changing actions without their knowledge or consent, such as changing account details, transferring funds or otherwise committing fraud. Because the attacker never sees the application's response, CSRF is used to change data on the victim's behalf rather than to read it.

CSRF attacks usually begin with social engineering. The victim is lured to an attacker-controlled page or a legitimate-looking link that carries a crafted request for the target application, for example a hidden form that submits itself automatically. The victim's browser sends that request to the target, and, because browsers attach cookies to every request for the site they belong to, the request carries the victim's session cookie. If the victim has an active session, the application cannot tell the forged request from one the user made deliberately and processes it as authorized. That is the CSRF vulnerability in essence: the application relies on the session cookie alone, which the browser supplies automatically, to authorize a state-changing request.


Nexusguard’s Web Application Firewall

Included as an integral part of Application Protection (AP), Nexusguard Web Application Firewall (WAF) is a cloud-based firewall that can be customized to match the security needs of an organization. It protects websites and applications against evolving threats by analyzing and inspecting every incoming request, and it includes mitigation actions configured specifically for each OWASP Top 10 threat category.


Validation of Authenticity of HTTP/S Requests

Nexusguard's WAF engine generates a unique CSRF token for each protected form page and its corresponding submit URL. The token, a computed hash value, is inserted as a hidden parameter in the HTML form before the page is passed to the client browser. When the user submits the form, the browser's request carries the token back, and the WAF checks it against the token it issued. If the token matches, the request is forwarded to the application server for processing; if it is missing or does not match, the request is rejected and the forged request is blocked before it reaches the application. An attacker's page cannot read the hidden field of a form served to the victim, so a forged submission arrives with the victim's session cookie but without a valid token. For this check to hold, the token must be unpredictable, bound to the user's session and compared in constant time; checking the HTTP Referer header alone is not a substitute, since browsers and proxies can strip or omit that header.
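To make the token mechanism concrete, the following is an added example of the synchronizer-token pattern described above, together with the two forged submissions from the attack scenario earlier in this post that it stops. It is written for this article and is not Nexusguard's WAF code. The `/transfer` endpoint, the session ids, the request dictionaries and the token format (a random nonce plus an HMAC over the session id and nonce) are assumptions chosen for illustration.

```python
"""Synchronizer-token CSRF check, as an added example (not Nexusguard's code).

The token is a random nonce plus an HMAC over the session id and nonce, so it
is unpredictable and bound to one session; it travels in a hidden form field
and is compared in constant time on submission.  The /transfer endpoint, the
session ids and the request dicts are hypothetical stand-ins for a framework.
"""
import hashlib
import hmac
import html
import re
import secrets
from typing import Optional, Tuple

# Hypothetical server-side key: fresh per process here; a real deployment
# loads it from a secrets store so tokens survive restarts.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Mint a token bound to session_id: nonce.HMAC-SHA256(key, session_id:nonce)."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the tag for this session and compare it in constant time."""
    if not token or "." not in token:
        return False
    nonce, tag = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Encode both sides so a non-ASCII tag cannot raise instead of failing closed.
    return hmac.compare_digest(expected.encode(), tag.encode())


def render_transfer_form(session_id: str) -> str:
    """The form page as served to the browser, with the token in a hidden field."""
    token = html.escape(issue_csrf_token(session_id))
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button>'
        "</form>"
    )


def token_from_form(form_html: str) -> Optional[str]:
    """What the victim's own browser does: submit the hidden field it was given."""
    m = re.search(r'name="csrf_token" value="([^"]*)"', form_html)
    return html.unescape(m.group(1)) if m else None


def handle_transfer(request: dict) -> Tuple[int, str]:
    """State-changing endpoint: the session cookie alone is not enough."""
    session_id = request.get("cookies", {}).get("session")
    if session_id is None:
        return 401, "no session"
    form = request.get("form", {})
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form.get('amount')} to {form.get('to')}"


def demo() -> Tuple[int, int, int]:
    """Three submissions carrying the victim's cookie; only the first is legitimate."""
    victim, attacker = "sess-victim", "sess-attacker"

    # 1. Victim loads the real form and submits it: the token matches the session.
    page = render_transfer_form(victim)
    legit = {"cookies": {"session": victim},
             "form": {"csrf_token": token_from_form(page), "to": "acct-42", "amount": "100"}}

    # 2. Attacker's auto-submitting page: the browser attaches the cookie, but the
    #    attacker never saw the victim's hidden field, so no token is sent.
    forged_no_token = {"cookies": {"session": victim},
                       "form": {"to": "acct-attacker", "amount": "100"}}

    # 3. Attacker replays a token minted for their own session: the HMAC covers
    #    the session id, so it does not verify for the victim's session.
    forged_wrong_session = {"cookies": {"session": victim},
                            "form": {"csrf_token": issue_csrf_token(attacker),
                                     "to": "acct-attacker", "amount": "100"}}

    return tuple(handle_transfer(r)[0] for r in (legit, forged_no_token, forged_wrong_session))


if __name__ == "__main__":
    print(demo())  # (200, 403, 403)
```

The third case is why binding the token to the session matters: a token that is merely random, but valid for any session, can be harvested by an attacker from their own account and planted in the forged form.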


To learn more about how to stop attackers from exploiting a CSRF vulnerability in your web application, please read about our Application Protection.

Nexusguard’s highly customizable cloud-based Web Application Firewall (WAF) assures protection of web applications against common web exploits that compromise security.