- General information about CSRF
- Synchronizer Token Pattern
- Double-Submit Cookie Pattern
- Leveraging the Encrypted Token Pattern
- Stateful vs Stateless CSRF Defences
- Encrypted Token Pattern Diagram (Pic)
- CSRF Defenses (Slides)
- Stateless Anti CSRF
- Stackexchange forum with real-life examples
  - Why does Double-Submit Cookies require a separate cookie?
  - About CSRF on form submit
  - How does a CSRF token prevent an attack?
  - Double-Submit Cookies vulnerabilities
  - Cryptographically strong CSRF token
  - CSRF attack make the Synchronizer Token Pattern insecure
  - Are CSRF attacks really blind?
  - Is there an appropriate anti CSRF method?
- Use a unique CSRF token that is unique for each request
- It isn't enough for you to implement Double-Submit Cookies in its own sub-domain