Protecting web applications from CSRF attacks with ColdFusion 10

March 20, 2012

What is CSRF?

Cross-site request forgery, abbreviated as CSRF, is also known as a one-click attack or session riding. CSRF is an attack that forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. (More info on the OWASP site.)

Examples:

To explain further, I am providing here very simple and small examples of CSRF attacks, using a CFML form as the example. Of course, real-life scenarios may be much more complicated and may have validations on forms etc., but for the sake of simplicity I am skipping those things.

CSRF using POST
