Skip to content

Request Forgery: CSRF Post Based

Identifier: frontend_csrf_post_based

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

POST based CSRF happens when an attacker tricks a user's browser into making a POST request that the server thinks is legitimate because the browser automatically sends authentication data like cookies. Essentially, the attack exploits when your server accepts requests in a flexible wayespecially if it accepts different content types like form submissionsinstead of strictly enforcing something like a JSON payload. This can lead to dangerous actions like altering data or making unintended financial transactions, because the user's credentials are automatically submitted without their explicit intention. Developers often mistakenly relax validations on the type of content their endpoints accept, making it easier for attackers to use the browsers credentials to their advantage.

Configuration

Example

Example configuration:

---
security_tests:
  frontend_csrf_post_based:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.