Maarten Balliauw 1/9/2019

Help, I've inherited an ASP.NET MVC Core code base with no Cross-Site Request Forgery (CSRF) measures!

This technical article addresses the challenge of securing an inherited ASP.NET MVC Core application that has no Cross-Site Request Forgery (CSRF) protection. It explains CSRF risks, introduces the [ValidateAntiForgeryToken] attribute, and outlines a series on methods for locating vulnerable action methods, including Structural Search and Replace and unit testing. It also discusses explicit vs. global validation approaches.
