PDA

View Full Version : protect application against CSRF attack.



harmeet771122
1 Feb 2014, 8:57 AM
I am developing Single page application in which all JS code will be loaded on application launch . Application will make calls to asp.net MVC controller to get data.

While a session is active user application is vulnerable to CSRF attack .In such case how to protect application against CSRF attack.

scottmartin
2 Feb 2014, 6:14 PM
You could use a unique security token and verify it server level ( api method: POST)

There are lots of articles on this on the web.
search for: CSRF tokens

quick example:
http://hungred.com/useful-information/solutions-crosssite-request-forgery-attacks/