Question

Hey Bob! Click this link: fakebank.lol/transfer?to=223944&amount=2000

Is an example of what type of attack AND what is the best defence against it?

Choose the answer below:

Cross-Site Request Forgery & Strong password

Cross-Site Request Forgery & Not using a custom built token system

Session Fixation & Anti-CSRF Token

Session Forgery & Not using a custom built token system

Cross-Site Request Forgery & Anti-CSRF Token

Session Fixation & Strong password

Session Fixation & Not using a custom built token system

Session Forgery & Anti-CSRF Token

Session Forgery & Strong password

Homework Answers

Answer #1

Cross-Site Request Forgery & Not using a custom built token system

When fakebank.com generates the HTML view that contains a form, it also adds a hidden input with the value of the token stored in the session. This way, when a POST request is received by fakebank.com, it can verify whether the hidden input is present, and it can also compare its value to the value stored in the session.

My preferred method is to do requests with AJAX (XHR/Fetch), which permits a custom header, and to check on the server side that the custom header exists, but it's opinion-based.
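
The hidden-input token check described in the answer above, sketched as an added example that is not part of the original answer or of any real bank's code. The in-memory `SESSIONS` store, the function names and the `/transfer` form are assumptions made for illustration; the `to` and `amount` values are the ones from the link in the question.

```python
import hmac
import secrets
from html import escape

SESSIONS = {}  # hypothetical in-memory session store: session id -> data


def new_session():
    """Create a session holding a fresh, unpredictable CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid):
    """Return the transfer form with the session's token in a hidden input."""
    token = escape(SESSIONS[sid]["csrf_token"], quote=True)
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount">'
        '<button>Send</button></form>'
    )


def handle_transfer(method, sid, params):
    """Return (status, message) for a transfer request."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    if method != "POST":
        # A clicked link is a GET; state changes are never performed on GET.
        return 405, "transfer requires POST"
    submitted = params.get("csrf_token", "")
    # Constant-time comparison of the hidden-input value with the session value.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {params['amount']} to {params['to']}"


if __name__ == "__main__":
    sid = new_session()  # Bob logs in
    link = {"to": "223944", "amount": "2000"}  # parameters from the link in the question
    print(handle_transfer("GET", sid, link))    # clicked link: rejected
    print(handle_transfer("POST", sid, link))   # cross-site POST without the token: rejected
    good = dict(link, csrf_token=SESSIONS[sid]["csrf_token"])
    print(handle_transfer("POST", sid, good))   # form rendered by the bank: accepted
```

A request that arrives with Bob's session cookie but without the per-session token is refused, which is what makes the link in the question harmless against a server built this way.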
