Lecture4 CSRF

Question 1

CSRF typically used to ..

Answer 1

CREATE, DELETE, UPDATE (or CHANGE)

Question 2

Both OSRF and CSRF rely on the following:

Answer 2

1) Cookies and HTTP authentication info
2) Web page functions which rely on Cookies and HTTP authentication info known by the web browser
3) Knowledge of valid web app URLS
4) The existence of HTML elements which call
back to server resources.

Question 3

OSRF vs CRSF

Answer 3

OSRF: Means that an attacker is trying to use something like XSS to create a request on that web page itself i.e. the code that generates the request is posted on the same server as the site that you are looking to fool the authenticated users
CSRF: looking to have a 3rd party website that generates a request for an object or url
- don’t need to know session id or cookie info

Question 4

Black box testing vs Grey box testing

Answer 4

Black box testing: you don’t know the code behind MyBank.com. You reverse engineer what is going on step by step
Grey box testing: you do have access to some code

Question 5

What is a nonce?

Answer 5

A one-time key e.g. per-session nonce, per-request nonce

Question 6

CSRF Mitigation Do’s

Answer 6

1. Generate a unique nonce for each form.

2. Same origin policy HTTP header.

Question 7

CSRF Mitigation Do Not’s

Answer 7

1. Secret Cookie
2. Accepting only POST Requests
3. Multi-Step Transactions
4. URL Rewriting
5. HTTPS

Question 8

How to protect yourself from CSRF attacks

Answer 8

1. Log out of applications
2. Change default passwords
3. Different browser for sensitive browsing
4. Virtual Machine