This article is a part of our Web Security Knowledge Base

Why Anti CSRF Tokens Scanner can be dangerous

The ‘Anti CSRF Token Scanner’ alert means that it might be possible to perform a CSRF attack against your website.

A cross-site request forgery (CSRF) is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. In other words, this attack tricks the victim user into submitting a malicious request. Usually browser requests automatically include the user's session cookie, IP address and so on. So if the user is authenticated, the site won’t be able to distinguish between the forged request and a legitimate one.

It often targets functionalities that cause a state change on the server, such as changing the victim’s password or email address, or purchasing something.

How to fix Anti CSRF Tokens Scanner

Do not use the GET method for requests that trigger any state change.

Ensure that your application is free of cross-site scripting (XSS) issues.

Generate a nonce for each form, place it into the form and verify the nonce upon receipt of the form (can be bypassed using XSS).

Identify dangerous operations and send a separate confirmation request when the user intends to perform that operation (can be bypassed using XSS).

Check the HTTP Referer header to see if requests originate from your page.
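
The sketch below is an added example, not ScanRepeat's code. It combines three of the fixes above on the server side: refusing GET for state changes, checking the Referer header, and verifying a per-form nonce. It assumes a stateless design in which the nonce is HMAC-signed and bound to the session and form rather than stored server-side; SECRET_KEY, TRUSTED_HOST, the csrf_token field name and all function names are hypothetical.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlsplit

SECRET_KEY = secrets.token_bytes(32)   # assumption: per-deployment server secret
TRUSTED_HOST = "app.example"           # assumption: placeholder for your own host
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
MAX_AGE = 3600                         # seconds a nonce stays valid

def _sign(session_id, form_id, nonce, issued):
    msg = "|".join((session_id, form_id, nonce, issued)).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id, form_id, now=None):
    """Create the hidden-field value for one form in one session."""
    issued = str(int(now if now is not None else time.time()))
    nonce = secrets.token_urlsafe(16)
    return ".".join((nonce, issued, _sign(session_id, form_id, nonce, issued)))

def verify_token(token, session_id, form_id, now=None):
    """True only for an unexpired token issued to this session and form."""
    try:
        nonce, issued, mac = token.split(".")
        age = (now if now is not None else time.time()) - int(issued)
    except (AttributeError, ValueError):
        return False                   # missing or malformed token
    expected = _sign(session_id, form_id, nonce, issued)
    fresh = 0 <= age <= MAX_AGE
    return hmac.compare_digest(mac.encode(), expected.encode()) and fresh

def same_site_referer(referer):
    """True when the Referer header names our own host over HTTPS."""
    try:
        parts = urlsplit(referer or "")
        return parts.scheme == "https" and parts.hostname == TRUSTED_HOST
    except ValueError:
        return False                   # unparseable header is treated as foreign

def allow_request(method, headers, form, session_id, form_id):
    """Gate for a state-changing endpoint: method, then Referer, then nonce."""
    if method.upper() in SAFE_METHODS:
        return False                   # state changes must not be reachable via GET
    if not same_site_referer(headers.get("Referer")):
        return False
    return verify_token(form.get("csrf_token"), session_id, form_id)
```

The Referer comparison is an exact hostname match, so a look-alike host such as app.example.evil.test is rejected, and a request with no Referer header is rejected as well.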

How does ScanRepeat report Anti CSRF Tokens Scanner

ScanRepeat checks whether the page is vulnerable to CSRF attacks by resending requests which include the user’s session cookies. It reports all URLs which have been found vulnerable to CSRF.
