At work, we are getting close to launching a new website and are rapidly approaching our full-on QA phase. Before we get there, I typically like to run vulnerability scans on the development site before testers start hammering it with their various tests. One tool that I use is Detectify, which you can read my thoughts on here.
The scanner pointed the dev team towards a CSRF vulnerability on the site. I took the initiative to figure out how we could prevent it without jeopardizing our tight timeline. During my research, I found these two links to be extremely useful.
- OWASP: Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- Detectify: Login CSRF – also includes a simpler CSRF prevention code snippet.
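The approach both links describe is the synchronizer token pattern: the server stores a random, per-session secret, embeds it in every state-changing form, and rejects any POST whose token does not match. A forged request from an attacker's page still carries the victim's session cookie (the browser attaches it automatically), but the attacker cannot read the token out of our page because of the same-origin policy, so the request fails. The block below is an added illustration written for this post, not the author's library and not the OWASP or Detectify snippet; the in-memory `SESSIONS` store, the `handle_transfer` handler and the `demo` request shapes are assumptions standing in for a real web framework.

```python
import hmac
import secrets

# Hypothetical server-side session store: session_id -> session data.
# A real app would use its framework's session backend instead.
SESSIONS = {}


def create_session():
    """Create an (anonymous) session that already carries a CSRF token.

    The token must exist before login as well, so that the login form
    itself is protected against login CSRF.
    """
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32), "user": None}
    return sid


def csrf_token_for(session_id):
    return SESSIONS[session_id]["csrf_token"]


def rotate_csrf_token(session_id):
    """Issue a fresh token; call this on login so a pre-auth token
    observed by an attacker is not valid for the authenticated session."""
    SESSIONS[session_id]["csrf_token"] = secrets.token_urlsafe(32)
    return SESSIONS[session_id]["csrf_token"]


def render_form(session_id):
    """Embed the session's token as a hidden field in a state-changing form."""
    token = csrf_token_for(session_id)
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def verify_csrf(session_id, submitted_token):
    """True only if the submitted token equals the one stored for the session.

    hmac.compare_digest keeps the comparison constant-time so the token
    cannot be recovered byte by byte through timing differences.
    """
    session = SESSIONS.get(session_id)
    if session is None or not submitted_token:
        return False
    return hmac.compare_digest(session["csrf_token"], submitted_token)


def login(cookies, form):
    """Hypothetical login handler: the login form is also token-protected."""
    sid = cookies.get("session")
    if sid not in SESSIONS or not verify_csrf(sid, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    SESSIONS[sid]["user"] = form.get("username")
    rotate_csrf_token(sid)
    return 200, "logged in"


def handle_transfer(cookies, form):
    """Hypothetical state-changing POST handler. Returns (status, body)."""
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return 401, "no session"
    if not verify_csrf(sid, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form.get('amount')}"


def demo():
    """Constructed requests: one legitimate, two forged. Returns the statuses."""
    sid = create_session()
    cookies = {"session": sid}  # what the victim's browser sends in all three cases
    token = csrf_token_for(sid)
    # Legitimate: the browser submits the form we rendered, token included.
    ok = handle_transfer(cookies, {"csrf_token": token, "amount": "10"})
    # Forged: an attacker page auto-submits a form; cookie present, token absent.
    forged = handle_transfer(cookies, {"amount": "10000"})
    # Forged with a guessed token: 256 bits of randomness make this hopeless.
    guessed = handle_transfer(cookies, {"csrf_token": "guess", "amount": "10000"})
    return ok[0], forged[0], guessed[0]


if __name__ == "__main__":
    print(demo())
```

Two details worth keeping from the links: the token belongs in the request body (a hidden field or a custom header), never in a URL where it can leak through Referer headers and logs, and the check should be applied to every state-changing endpoint, including login, since a login CSRF logs the victim into an attacker-controlled account.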
Feel free to take a look at the library on my GitHub page and use/modify it as you wish!