R174. Transactions without a distinguishable pattern


Requests that execute transactions must not follow any distinguishable pattern.


  1. CWE-352: Cross-Site Request Forgery (CSRF). The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

  2. OWASP-ASVS v4.0.1 V4.2 Operation Level Access Control.(4.2.2) Verify that the application or framework enforces a strong anti-CSRF mechanism to protect authenticated functionality, and effective anti-automation or anti-CSRF protects unauthenticated functionality.

  3. PCI DSS v3.2.1 - Requirement 6.5.9 Address common coding vulnerabilities in software-development processes such as cross-site request forgery (CSRF).

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy