
Cross Site Request Forgery

Understand how Cross Site Request Forgery works and learn to protect your Node.js applications by implementing CSRF tokens. Explore how to generate, validate, and manage tokens to ensure that data-changing actions originate from authenticated users, enhancing application security.


Cross-Site Request Forgery (CSRF) is the opposite of an XSS exploit. Where XSS takes advantage of the user by means of a trusted web site, CSRF takes advantage of the web site by means of a trusted user.

Imagine an attacker who sends out fake emails containing a link that deletes a blog post or email. The target user clicks the link and lands on a delete page. Because the user is an administrator with a valid session, your application goes ahead and deletes the record as requested. The link is a mystery to the user, but now their account has been deleted without their consent. Not cool.

This doesn’t have to be a text link; it is often attached to an image or a button. It may sound ...