{"id":28539,"date":"2018-05-04T09:09:29","date_gmt":"2018-05-04T07:09:29","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=28539"},"modified":"2018-05-04T09:09:29","modified_gmt":"2018-05-04T07:09:29","slug":"cross-site-request-forgery-csrf-prevention-cheat-sheet","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/","title":{"rendered":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;<a href=\"https:\/\/www.owasp.org\/index.php\/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet\">Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet<\/a>&#8221; is a list of general recommendations and specific techniques to protect web applications against <a href=\"https:\/\/www.owasp.org\/index.php\/Cross-Site_Request_Forgery_(CSRF)\">CSRF<\/a> attacks.\u00a0 That is, until <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/29\/the-end-of-csrf\/\">CSRF attacks become obsolete<\/a>.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&#8221; is a list of general recommendations and specific techniques to protect web applications against CSRF attacks.\u00a0 That is, until CSRF attacks become obsolete.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet #WebDev #security 
#browsers","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18,62,1334],"tags":[3069,20,200,1330],"keyring_services":[],"class_list":["post-28539","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-technology","category-web-work","tag-best-practices","tag-browsers","tag-security","tag-web-development"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":27883,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/29\/the-end-of-csrf\/","url_meta":{"origin":28539,"position":0},"title":"The end of CSRF?","author":"Leonid Mamchenkov","date":"August 29, 2017","format":false,"excerpt":"\"The end of CSRF?\" blog post talks about the new feature coming to browsers - SameSite cookie enforcement, which will help in getting rid of Cross-Site Request Forgery (CSRF) attacks. \u00a0Too bad this is currently only supported by Google Chrome (both desktop and mobile), and Opera. \u00a0But I'm sure it's\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36383,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","url_meta":{"origin":28539,"position":1},"title":"Intro to basic web application security","author":"Leonid Mamchenkov","date":"February 27, 2019","format":false,"excerpt":"\"Intro to basic web application security\" is an excellent overview of the most common mistakes web developers make when it comes to security. 
The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":21722,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/04\/29\/composer-cheat-sheet-for-developers\/","url_meta":{"origin":28539,"position":2},"title":"Composer Cheat Sheet for developers","author":"Leonid Mamchenkov","date":"April 29, 2014","format":"link","excerpt":"Composer Cheat Sheet for developers","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28968,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/11\/12\/wordpress-configuration-cheat-sheet\/","url_meta":{"origin":28539,"position":3},"title":"WordPress Configuration Cheat Sheet","author":"Leonid Mamchenkov","date":"November 12, 2018","format":false,"excerpt":"\"WordPress Configuration Cheat Sheet\" is a collection of about 10 tips for a more secure WordPress configuration file.\u00a0 Obviously, not all of them can always be applied, but it's a good idea to review your own settings once in a while and to disable unnecessary bits.","rel":"","context":"In 
&quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27730,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/06\/27\/graphical-vi-vim-cheat-sheet-and-tutorial\/","url_meta":{"origin":28539,"position":4},"title":"Graphical vi-vim Cheat Sheet and Tutorial","author":"Leonid Mamchenkov","date":"June 27, 2017","format":false,"excerpt":"Graphical vi-vim Cheat Sheet and Tutorial is yet another attempt to explain and visualize Vim commands to the editor's new users. This is a single page describing the full vi\/vim input model, the function of all keys, and all major features. You can see it as a compressed vi\/vim manual.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/06\/vi-vim-cheat-sheet-500x354.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":16720,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/09\/18\/bash-redirections-cheat-sheet\/","url_meta":{"origin":28539,"position":5},"title":"Bash Redirections Cheat Sheet","author":"Leonid Mamchenkov","date":"September 18, 2012","format":"link","excerpt":"Bash Redirections Cheat Sheet Even the experienced bash users will probably find a couple of new things in this cheat sheet.","rel":"","context":"In 
&quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=28539"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28539\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=28539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=28539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=28539"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=28539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}