A company's web application is vulnerable to an attack in which unauthorized commands are sent from a user that the application trusts. Which of the following is the BEST mitigation technique to prevent this vulnerability?
The described attack is cross-site request forgery (CSRF). Implementing anti-CSRF (synchronizer) tokens is the most effective mitigation: the server issues an unpredictable token bound to the user's session and verifies that each state-changing request carries it. Because the browser does not attach the token automatically the way it attaches cookies, a request forged from another site cannot include it, so a valid token proves the request originated from the legitimate application context. Input validation, content security policies, and parameterized queries address other classes of attacks (e.g., SQL injection, XSS) but do not reliably stop CSRF.