Page 129 - Hands-On Bug Hunting for Penetration Testers
CSRF and Insecure Session Authentication Chapter 6
user's trust and a threat to the company's online ordering system and
general bottom line.
Summary
In this chapter, we covered the basics of Cross-Site Request Forgery (CSRF) as a
vulnerability, created and validated a CSRF PoC, created a CSRF PoC programmatically,
and successfully documented the vulnerability for a bug-report submission. Hopefully,
you've also come away with a sense of why the bug can be so severe, and a few attack
scenarios you can use for a future impact report.
Questions
1. What is CSRF?
2. What's one possible attack scenario for a malicious actor who discovers a CSRF
vulnerability?
3. What's the typical structure of a CSRF PoC?
4. How do you use a CSRF PoC to validate a vulnerability?
5. What's the advantage of using BeautifulSoup to generate HTML, as opposed to
raw string manipulation?
6. What type of CSRF attack did we engage in for our end-to-end example?
7. What kind of CSRF markup would a malicious actor use? How would it differ
from our PoCs? How would it be similar?
Further Reading
You can find out more about some of the topics we have discussed in this chapter at:
Additional CSRF test vulnerabilities: http://webscantest.com/csrf

