Line 112: | Line 112: | ||
==='''Test'''=== | ==='''Test'''=== | ||
Are CSRF tokens or crumbs required whenever a user performs an action in the system. | Are CSRF tokens or crumbs required whenever a user performs an action in the system? A CSRF token/crumb is typically included as a hidden field and will contain a seemingly random number. There is not standard naming convention for this value. It may appear as "CSRFToken", "Crumb", "formToken" or something similar. | ||
Example: | |||
<form action="site.com/update" method="post"> | |||
<input id="crumb" name="crumb" type="hidden" value="AirJvJaQ0RlLkFbx-1279485485.7191-2dc12b55eed8e310fae2f9ae3cd625cdc8fd83a681c8ea6eacfb3fb059bae" /> | |||
... | |||
</form> | |||
===Testing Scope=== | ===Testing Scope=== |
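Review bot: the added sentence has a typo, "There is not standard naming convention for this value" should read "There is no standard naming convention for this value". The opening question would also be more precise if it asked whether a token is required for every state-changing action rather than "whenever a user performs an action", since read-only requests do not need one; and the example `<form>` block would be clearer wrapped in `<pre>` so the markup and its indentation render verbatim on the wiki page.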