Security Test: GET based CSRF¶

Description¶

Default Severity:

GET based CSRF is when an external site tricks a user's browser into making a GET request to another site where the user is authenticated, leveraging the browser’s automatic inclusion of credentials like cookies. This means that if your API accepts state-changing actions via GET, an attacker can potentially make changes or reveal sensitive data on behalf of a logged-in user without their consent. Developers often fall into the trap of using GET for actions that should change state, assuming GET is harmless simply because it's meant for retrieving data. If not handled carefully, this vulnerability can lead to unauthorized transactions or data breaches, so it's important to separate safe retrieval actions (GET) from actions that modify data (which should use methods like POST with proper checks).

Reference:

https://blog.doyensec.com/2021/05/20/graphql-csrf.html

Configuration¶

Identifier: request_forgery/csrf_get_based

Examples¶

All configuration available:

checks:
  request_forgery/csrf_get_based:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API2:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.9`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-53`
FedRAMP	`SC-7`
CWE	`352`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C`
CVSS Score	`7.2`