A company's web application is vulnerable to a type of attack where unauthorized commands are sent from a user that the web application trusts. Which of the following is the BEST mitigation technique to prevent this type of vulnerability?
Cross-site Request Forgery (CSRF) vulnerabilities allow unauthorized commands to be transmitted from a user that the application trusts: the victim's browser automatically attaches session cookies to a request the attacker's page triggers, so the server cannot tell a forged request from a legitimate one by the cookie alone. Anti-CSRF tokens are the best mitigation because the server issues an unpredictable token bound to the user's session, embeds it in the form or response, and accepts a state-changing request only if the submitted token matches the one it issued. An attacker's page cannot read that token, so the forged request fails the check. Input validation may prevent other attacks such as SQL injection or XSS, but not CSRF. A content security policy helps mitigate XSS and clickjacking, but not CSRF specifically. Parameterized queries prevent SQL injection and offer no protection against CSRF.
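As an added example (not part of the original question or its explanation), the following Python sketch implements the synchronizer-token pattern described above without any web framework: the session is a plain dict standing in for server-side session storage, the form is a dict standing in for the parsed POST body, and the field name `csrf_token` and the handler `handle_transfer` are hypothetical names chosen for illustration.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Hypothetical name of the session field that holds the issued token.
SESSION_KEY = "csrf_token"


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Generate an unpredictable token, bind it to the server-side session,
    and return it so the application can embed it in the rendered form."""
    token = secrets.token_urlsafe(32)
    session[SESSION_KEY] = token
    return token


def validate_csrf_token(session: Dict[str, str], submitted: Optional[str]) -> bool:
    """Accept only a submitted token that matches the one bound to this session.
    A missing token on either side is a failure, and the comparison is
    constant-time so an attacker cannot recover the token byte by byte."""
    expected = session.get(SESSION_KEY)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: Dict[str, str], form: Dict[str, str]) -> Tuple[int, str]:
    """State-changing handler (hypothetical): refuse the request unless the
    token check passes, then perform the action."""
    if not validate_csrf_token(session, form.get("csrf_token")):
        return 403, "CSRF validation failed"
    return 200, "transferred {} to {}".format(form["amount"], form["to"])


def demo() -> Tuple[int, int, int]:
    """Constructed scenario: one legitimate request and two forged ones."""
    session = {"user": "alice"}  # the victim is logged in; cookies travel automatically

    # Legitimate flow: the app rendered a form containing the issued token.
    token = issue_csrf_token(session)
    legit_status, _ = handle_transfer(
        session, {"to": "bob", "amount": "10", "csrf_token": token}
    )

    # Forged flow: an attacker page auto-submits a form. The browser attaches the
    # session cookie, but the attacker never saw the token, so it is absent...
    forged_status, _ = handle_transfer(session, {"to": "mallory", "amount": "1000"})

    # ...or guessed, which fails the constant-time comparison.
    guessed_status, _ = handle_transfer(
        session, {"to": "mallory", "amount": "1000", "csrf_token": "AAAA"}
    )
    return legit_status, forged_status, guessed_status


if __name__ == "__main__":
    print(demo())  # (200, 403, 403)
```

Two details matter in practice: the token must be compared with a constant-time function such as `hmac.compare_digest`, and it must be delivered somewhere the attacker's page cannot read (a hidden form field or a header echoed by same-origin script), never only in a cookie, because a cookie is exactly what the browser sends on the attacker's behalf.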