• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CSRF token value is editable by ZAP tool

#1
[eluser]vicky_ratnesh[/eluser]
Hi All,

I am facing a problem while doing one project. I have implemented CSRF functionality for my web pages. All are working fine... only we are able to edit the csrf_token values from a security testing tool [named ZAP tool] and able to append some malicious information and also able to post the form,which should not happen ideally. Is there anyway so that this csrf_token cookie can be non-editable or any other suggestion to avoid this..?


Many many thanks.




Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.