Requests that execute transactions must not follow any
F007. Cross-site request forgery
CWE-352: Cross-Site Request Forgery (CSRF).
The web application does not, or can not, sufficiently verify whether a
well-formed, valid, consistent request was intentionally provided by the user
who submitted the request.
V4.2 Operation Level Access Control (4.2.2)
Verify that the application or framework enforces a strong anti-CSRF
mechanism to protect authenticated functionality,
and effective anti-automation or anti-CSRF protects unauthenticated
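
One way to implement the anti-CSRF check this requirement calls for, shown as an added example (not Fluid Attacks' or ASVS code): a token bound to the user's session with an HMAC and verified on every state-changing request. The names `SERVER_KEY`, `issue_csrf_token`, `verify_csrf_token` and `allow_request` are assumptions made for this sketch, as are the constructed session identifiers used with it.

```python
import hashlib
import hmac
import secrets
import string
from typing import Optional

# Assumption: a server-side secret; generated here only so the example runs.
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
NONCE_HEX_LEN = 32


def _mac(session_id: str, nonce: str, key: bytes) -> bytes:
    # The nonce has a fixed length, so "session:nonce" cannot be re-split
    # into a different (session, nonce) pair.
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'nonce.mac', unpredictable and tied to one session."""
    nonce = secrets.token_hex(NONCE_HEX_LEN // 2)
    return f"{nonce}.{_mac(session_id, nonce, key).decode()}"


def verify_csrf_token(session_id: str, token: Optional[str],
                      key: bytes = SERVER_KEY) -> bool:
    """Accept only a well-formed token whose MAC matches this session."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    if len(nonce) != NONCE_HEX_LEN or any(c not in string.hexdigits for c in nonce):
        return False
    # Compare as bytes in constant time; bytes also avoids a TypeError
    # on non-ASCII input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce, key))


def allow_request(method: str, session_id: str,
                  submitted_token: Optional[str]) -> bool:
    """Gate for a request handler: transactions need a valid token."""
    if method.upper() not in STATE_CHANGING:
        return True
    return verify_csrf_token(session_id, submitted_token)
```

The token belongs in a hidden form field or a custom request header rather than a cookie, because the browser attaches cookies to cross-site requests automatically.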
Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.