Commit

improve docs
benpaddlejones committed Nov 11, 2024
1 parent 9306f48 commit 929558c
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions .student_resources/CSRF/README.md
Expand Up @@ -10,13 +10,9 @@ Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execut

## How to countermeasure this vulnerability

- Implement [Flask WTForms](https://flask-wtf.readthedocs.io/en/1.2.x/), which generates and requires a unique secret key by default.
- Implement business knowledge access levels.
- Implement a synchronizer token pattern (STP) where a secret and unique value for each request, is embedded by the web application in all HTML forms and verified on the server side. [Flask WTForms](https://flask-wtf.readthedocs.io/en/1.2.x/) applies this approach.
- End-user education.
- HTTPS encryption.
- End-user education.
- Implement a CORS [Content Security Policy (CSP)](../content_security_policy/README.md).
- Implement server side [Content Security Policy (CSP)](../content_security_policy/README.md).
- Understand how the attack can be executed in the specific context of the application and user, then [code review](../security_testing_approaches/README.md#Code_review) with specific scenarios in mind.
- Implement three-factor authentication (3FA) for administrative operations.
- Separate production and development environments.
- White-list firewall policies
- White-list firewall policies for example 1.1.1.2
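Review bot: the new last bullet, "White-list firewall policies for example 1.1.1.2", gives a bare IP address with no explanation of how a firewall allow-list counters CSRF; since a forged request is sent by the victim's own browser from the victim's own address, a network allow-list does not stop it, so either drop "for example 1.1.1.2" or state what the allow-list is meant to protect (for instance restricting who can reach administrative endpoints at all). In the new synchronizer token bullet, remove the stray comma in "a secret and unique value for each request, is embedded". The replacement of "CORS" with "server side" in the CSP bullet is an improvement, but CSP is still a policy the server sends and the browser enforces, so "Set a [Content Security Policy (CSP)](../content_security_policy/README.md) header" would be more accurate than "Implement server side".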

0 comments on commit 929558c