- General information about CSRF
- Synchronizer Token Pattern
- Double-Submit Cookie Pattern
- Leveraging the Encrypted Token Pattern
- Stateful vs Stateless CSRF Defences
- Encrypted Token Pattern Diagram (Pic)
- CSRF Defenses (Slides)
- Stateless Anti CSRF
- Stackexchange forum with real-life examples
- Why does
Double-Submit Cookiesrequire a separate cookie? - About CSRF on form submit
- How does a
CSRFtoken prevent an attack? Double-Submit Cookiesvulnerabilities- Cryptographically strong
CSRFtoken - CSRF attack make the
Synchronizer Token Patterninsecure - Are CSRF attacks really blind?
- Is there an appropriate anti CSRF method?)
- Use a unique CSRF token that is unique for each request
- It isn't enough for you to implement
Double-Submit Cookiesin its own sub-domain