During a recent vulnerability scan of a company's web application, you identified a security risk that allows an attacker to trick users into performing actions they did not intend to perform on a web application where they are authenticated. Which of the following types of controls would be the most effective to recommend in order to mitigate this risk?
Require re-authentication for every transaction performed by the user.
Introduce a CAPTCHA system for form submissions.
Increase the web application session timeout settings.
Implement an anti-CSRF token in the application.