How to prevent a Cross-Site Request Forgery (CSRF) attack?

We ran Burp Suite against our product and found some security vulnerabilities. The tool flagged some CGI files as vulnerable to attacks like Cross-Site Request Forgery (CSRF).

As usual, I searched CPAN for a CSRF protection module and found CGI::Application::Plugin::ProtectCSRF.

I am wondering how I can integrate this module into our application in a generalized way. The documentation is not clear to me. How do I configure this module, with minimal changes, so that the entire application is protected against CSRF?

I also came across mod_csrf (an Apache module for preventing CSRF). Will installing this module and adding the settings below to the Apache configuration file prevent CSRF?

<VirtualHost>

    CSRF_Enable on
    CSRF_Action deny
    CSRF_EnableReferer off

</VirtualHost>
+4
1 answer

I understand that you found the CGI::Application::Plugin::ProtectCSRF documentation unclear: it's a little impenetrable.

All the Perl module does is add a hidden field named _csrf_id to each HTML form, with a random value obtained from various sources and hashed with SHA1. Protection comes from requiring that the client's request return the same value to the server.

, , attributes

: .

, , Apache mod_csrf, , , , Perl,

+3
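As an added illustration (not code from the original answer or from the plugin itself), here is the mechanism described above in plain Perl: a per-session SHA1 token placed in a hidden _csrf_id field and checked with a constant-time comparison before any non-GET request is served. The helper names and the /dev/urandom source are assumptions; the suggested hook point, cgiapp_prerun, is CGI::Application's callback that runs before any run mode.

```perl
#!/usr/bin/perl
# Added example: a minimal synchronizer-token implementation of the mechanism
# the answer describes. Helper names are hypothetical; they are not the API of
# CGI::Application::Plugin::ProtectCSRF.
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);   # core module; SHA1 as in the answer above

# Per-session token: random bytes from /dev/urandom (assumption: a Unix host),
# hashed with SHA1 so the value sent to the client is fixed-length hex.
sub new_csrf_token {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot read /dev/urandom: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    return sha1_hex($bytes);
}

# The hidden field added to every form; the token is hex, so no HTML escaping is needed.
sub csrf_hidden_field {
    my ($token) = @_;
    return qq{<input type="hidden" name="_csrf_id" value="$token">};
}

# Constant-time comparison so response timing cannot leak the stored token.
sub csrf_token_matches {
    my ($expected, $given) = @_;
    return 0 unless defined $given && length($given) == length($expected);
    my $diff = 0;
    $diff |= ord(substr($expected, $_, 1)) ^ ord(substr($given, $_, 1))
        for 0 .. length($expected) - 1;
    return $diff == 0;
}

# Application-wide check: call this from CGI::Application's cgiapp_prerun hook
# so every state-changing request is covered without editing each run mode.
# Safe methods pass; anything else must echo the session's token in _csrf_id.
sub request_is_csrf_safe {
    my ($method, $session, $params) = @_;
    return 1 if $method eq 'GET' || $method eq 'HEAD';
    return 0 unless defined $session->{_csrf_id};
    return csrf_token_matches($session->{_csrf_id}, $params->{_csrf_id});
}

# Constructed walk-through, no web server required.
my %session = (_csrf_id => new_csrf_token());
print "form field: ", csrf_hidden_field($session{_csrf_id}), "\n";

my %legit  = (_csrf_id => $session{_csrf_id});            # browser submitting our own form
my %forged = (comment  => 'submitted from another origin'); # cross-site page cannot read the token
printf "legitimate POST accepted: %s\n", request_is_csrf_safe('POST', \%session, \%legit)  ? 'yes' : 'no';
printf "forged POST accepted:     %s\n", request_is_csrf_safe('POST', \%session, \%forged) ? 'yes' : 'no';
```

The session hash stands in for whatever server-side session store the application already uses; the token must never be derivable from anything the attacker's page can read.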

Source: https://habr.com/ru/post/1653285/
