CodeIgniter Forums (https://forum.codeigniter.com), Archived Discussions, Archived Libraries & Helpers. Thread: CSRF token value is editable by ZAP tool (/showthread.php?tid=47566)
CSRF token value is editable by ZAP tool - El Forum - 12-13-2011

vicky_ratnesh:

Hi All,

I am facing a problem while doing one project. I have implemented CSRF functionality for my web pages. All are working fine... only we are able to edit the csrf_token values from a security testing tool [named ZAP tool], and are able to append some malicious information and also able to post the form, which should not happen ideally.

Is there any way to make this csrf_token cookie non-editable, or any other suggestion to avoid this?

Many many thanks.
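One way to make an edited token fail verification, shown as an added example that is not part of the original post and is not CodeIgniter's own code: the token carries an HMAC over a nonce and the session id, so a value that has been changed or had data appended no longer verifies. The function names `csrf_issue` and `csrf_verify`, the `CSRF_KEY` constant, and the sample session ids are assumptions made for illustration.

```php
<?php
// Added example with hypothetical helpers; not CodeIgniter's Security class.

// Placeholder secret: in a real deployment this is a random server-side key.
const CSRF_KEY = 'replace-with-a-random-server-side-secret';

// Token = random nonce + "." + HMAC(nonce | session id), both hex encoded.
function csrf_issue(string $sessionId): string
{
    $nonce = bin2hex(random_bytes(16));
    $mac   = hash_hmac('sha256', $nonce . '|' . $sessionId, CSRF_KEY);
    return $nonce . '.' . $mac;
}

// Accept only a well-formed token whose cookie copy equals the form copy
// (double submit) and whose MAC is valid for this session.
function csrf_verify(string $formToken, string $cookieToken, string $sessionId): bool
{
    // Strict format check: a token with anything appended is rejected here.
    if (!preg_match('/\A[0-9a-f]{32}\.[0-9a-f]{64}\z/', $formToken)) {
        return false;
    }
    // Constant-time comparison of the two submitted copies.
    if (!hash_equals($cookieToken, $formToken)) {
        return false;
    }
    // Recompute the MAC server-side; the client cannot forge it without the key.
    [$nonce, $mac] = explode('.', $formToken, 2);
    $expected = hash_hmac('sha256', $nonce . '|' . $sessionId, CSRF_KEY);
    return hash_equals($expected, $mac);
}

// Constructed sample values.
$sid   = 'constructed-session-id';
$token = csrf_issue($sid);

// Case 1: untouched token, same session.
var_dump(csrf_verify($token, $token, $sid));

// Case 2: value edited in an intercepting proxy, in both form field and cookie.
$edited = $token . 'extra';
var_dump(csrf_verify($edited, $edited, $sid));

// Case 3: valid token replayed against a different session.
var_dump(csrf_verify($token, $token, 'other-session'));
```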