Thursday, May 15, 2008

CSRF Protection

As of this posting, CSRF (Cross Site Request Forgery) ranks as the fifth most serious threat to web applications. For information on what CSRF is, see http://www.owasp.org/index.php/Top_10_2007-A5

1. A good protection against this attack is to re-authenticate the user (for example with a transaction password), or better, to use two-factor authentication for critical transactions such as fund transfers. Taking the CSRF vulnerability in Hacme Casino as an example, a good solution would be to ask for a transaction password, as shown in the screenshot below -


2. Another solution is to implement one-time nonces. For more information, refer to the link mentioned above.

3. ASP.Net
Myth: Having ViewState enabled in a .Net web app prevents CSRF attacks.

Fact: Setting ViewStateUserKey to a value that is distinct for each user, such as "ViewStateUserKey = Session.SessionID", will protect you against CSRF attacks.
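The one-time nonce approach from point 2, as an added example (not code from this post, from Hacme Casino, or from ASP.Net): a small per-session store that issues a nonce when a form is rendered and accepts it exactly once on the POST. The class and field names (CsrfNonceStore, csrf_nonce) and the 10-minute lifetime are assumptions; it goes slightly beyond the text by also binding each nonce to the session and expiring unused ones.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed lifetime for a nonce that is never used


class CsrfNonceStore:
    """Per-session store of single-use anti-CSRF nonces.

    A nonce is issued when the form is rendered and embedded as a hidden
    field. A forged cross-site request cannot read the victim's page, so it
    cannot learn the nonce and the state-changing POST is rejected.
    """

    def __init__(self, ttl_seconds=TOKEN_TTL_SECONDS, clock=time.time):
        self._issued = {}  # session_id -> {nonce: issue_time}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable for testing expiry

    def issue(self, session_id):
        """Create a fresh nonce for this session and remember it."""
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._issued.setdefault(session_id, {})[nonce] = self._clock()
        return nonce

    def hidden_field(self, session_id):
        """Hidden input for the form; token_urlsafe output is HTML-safe."""
        return '<input type="hidden" name="csrf_nonce" value="%s">' % self.issue(session_id)

    def validate(self, session_id, presented):
        """Consume the nonce; True only for a fresh, unexpired, session-bound value."""
        now = self._clock()
        bucket = self._issued.get(session_id, {})
        # Drop expired nonces so the store cannot grow without bound.
        for stale in [n for n, t in bucket.items() if now - t > self._ttl]:
            del bucket[stale]
        if not presented:
            return False
        # Constant-time comparison against every outstanding nonce; a plain
        # `presented in bucket` would leak timing about matching prefixes.
        match = None
        for nonce in bucket:
            if hmac.compare_digest(nonce.encode(), presented.encode()):
                match = nonce
        if match is None:
            return False
        del bucket[match]  # single use: a replayed nonce is rejected
        return True
```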
